scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-29 17:52:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

Docs/SPE 260: update and reorganize telemetry metric references (#21965)

Browse Source 
New how-to guide to enable telemetry, restructure telemetry metrics as partials, and provide multiple index pages to make them easier to look up.
This commit is contained in:
Sarah Chavis
2023-07-21 10:28:52 -07:00
committed by GitHub
parent 8615b31598
commit e91b507996
383 changed files with 4123 additions and 589 deletions
Download Patch File Download Diff File Expand all files Collapse all files

588
website/content/docs/internals/telemetry.mdx
View File

@@ -1,588 +0,0 @@
---
layout: docs
page_title: Telemetry
description: Learn about the telemetry data available in Vault.
---
# Telemetry
The Vault server process collects various runtime metrics about the performance of different libraries and subsystems. These metrics are aggregated on a ten-second interval and retained for one minute in memory. Telemetry from Vault must be stored in metrics aggregation software to monitor Vault and collect durable metrics.
To view the raw data, you must send a signal to the Vault process: on Unix-style operating systems, this is `USR1`, while on Windows, it is `BREAK`. When the Vault process receives this signal, it will dump the current telemetry information to the process's `stderr`.
This telemetry information can be used for debugging purposes and provides users with insights into Vault's runtime.
Telemetry information can also be streamed directly from Vault to a range of metrics aggregation solutions as described in the [telemetry Stanza][telemetry-stanza] documentation.
The following is an example of a telemetry dump snippet:
```text
[2017-12-19 20:37:50 +0000 UTC][G] 'vault.7f320e57f9fe.expire.num_leases': 5100.000
[2017-12-19 20:37:50 +0000 UTC][G] 'vault.7f320e57f9fe.runtime.num_goroutines': 39.000
[2017-12-19 20:37:50 +0000 UTC][G] 'vault.7f320e57f9fe.runtime.sys_bytes': 222746880.000
[2017-12-19 20:37:50 +0000 UTC][G] 'vault.7f320e57f9fe.runtime.malloc_count': 109189192.000
[2017-12-19 20:37:50 +0000 UTC][G] 'vault.7f320e57f9fe.runtime.free_count': 108408240.000
[2017-12-19 20:37:50 +0000 UTC][G] 'vault.7f320e57f9fe.runtime.heap_objects': 780953.000
[2017-12-19 20:37:50 +0000 UTC][G] 'vault.7f320e57f9fe.runtime.total_gc_runs': 232.000
[2017-12-19 20:37:50 +0000 UTC][G] 'vault.7f320e57f9fe.runtime.alloc_bytes': 72954392.000
[2017-12-19 20:37:50 +0000 UTC][G] 'vault.7f320e57f9fe.runtime.total_gc_pause_ns': 150293024.000
[2017-12-19 20:37:50 +0000 UTC][S] 'vault.merkle.flushDirty': Count: 100 Min: 0.008 Mean: 0.027 Max: 0.183 Stddev: 0.024 Sum: 2.681 LastUpdated: 2017-12-19 20:37:59.848733035 +0000 UTC m=+10463.692105920
[2017-12-19 20:37:50 +0000 UTC][S] 'vault.merkle.saveCheckpoint': Count: 4 Min: 0.021 Mean: 0.054 Max: 0.110 Stddev: 0.039 Sum: 0.217 LastUpdated: 2017-12-19 20:37:57.048458148 +0000 UTC m=+10460.891835029
[2017-12-19 20:38:00 +0000 UTC][G] 'vault.7f320e57f9fe.runtime.alloc_bytes': 73326136.000
[2017-12-19 20:38:00 +0000 UTC][G] 'vault.7f320e57f9fe.runtime.sys_bytes': 222746880.000
[2017-12-19 20:38:00 +0000 UTC][G] 'vault.7f320e57f9fe.runtime.malloc_count': 109195904.000
[2017-12-19 20:38:00 +0000 UTC][G] 'vault.7f320e57f9fe.runtime.free_count': 108409568.000
[2017-12-19 20:38:00 +0000 UTC][G] 'vault.7f320e57f9fe.runtime.heap_objects': 786342.000
[2017-12-19 20:38:00 +0000 UTC][G] 'vault.7f320e57f9fe.runtime.total_gc_pause_ns': 150293024.000
[2017-12-19 20:38:00 +0000 UTC][G] 'vault.7f320e57f9fe.expire.num_leases': 5100.000
[2017-12-19 20:38:00 +0000 UTC][G] 'vault.7f320e57f9fe.runtime.num_goroutines': 39.000
[2017-12-19 20:38:00 +0000 UTC][G] 'vault.7f320e57f9fe.runtime.total_gc_runs': 232.000
[2017-12-19 20:38:00 +0000 UTC][S] 'vault.route.rollback.consul-': Count: 1 Sum: 0.013 LastUpdated: 2017-12-19 20:38:01.968471579 +0000 UTC m=+10465.811842067
[2017-12-19 20:38:00 +0000 UTC][S] 'vault.rollback.attempt.consul-': Count: 1 Sum: 0.073 LastUpdated: 2017-12-19 20:38:01.968502743 +0000 UTC m=+10465.811873131
[2017-12-19 20:38:00 +0000 UTC][S] 'vault.rollback.attempt.pki-': Count: 1 Sum: 0.070 LastUpdated: 2017-12-19 20:38:01.96867005 +0000 UTC m=+10465.812041936
[2017-12-19 20:38:00 +0000 UTC][S] 'vault.route.rollback.auth-app-id-': Count: 1 Sum: 0.012 LastUpdated: 2017-12-19 20:38:01.969146401 +0000 UTC m=+10465.812516689
[2017-12-19 20:38:00 +0000 UTC][S] 'vault.rollback.attempt.identity-': Count: 1 Sum: 0.063 LastUpdated: 2017-12-19 20:38:01.968029888 +0000 UTC m=+10465.811400276
[2017-12-19 20:38:00 +0000 UTC][S] 'vault.rollback.attempt.database-': Count: 1 Sum: 0.066 LastUpdated: 2017-12-19 20:38:01.969394215 +0000 UTC m=+10465.812764603
[2017-12-19 20:38:00 +0000 UTC][S] 'vault.barrier.get': Count: 16 Min: 0.010 Mean: 0.015 Max: 0.031 Stddev: 0.005 Sum: 0.237 LastUpdated: 2017-12-19 20:38:01.983268118 +0000 UTC m=+10465.826637008
[2017-12-19 20:38:00 +0000 UTC][S] 'vault.merkle.flushDirty': Count: 100 Min: 0.006 Mean: 0.024 Max: 0.098 Stddev: 0.019 Sum: 2.386 LastUpdated: 2017-12-19 20:38:09.848158309 +0000 UTC m=+10473.691527099
```
You'll note that log entries are prefixed with the metric type as follows:
- **[C]** is a counter. Counters are cumulative metrics that are incremented when some event occurs, and resets at the end of reporting intervals. Vault retains counters and other metrics for one minute in-memory, so an [aggregation solution][telemetry-stanza] must be configured to see accurate and persistent counters over time.
- **[G]** is a gauge. Gauges provide measurements of current values.
- **[S]** is a summary. Summaries provide sample observations of values. Vault commonly uses summaries for measuring the timing duration of discrete events in the reporting interval.
The following sections describe the available Vault metrics. The metrics interval are approximately 10 seconds when manually triggering metrics output using the above-described signals. Some high-cardinality gauges, like `vault.kv.secret.count`, are emitted every 10 minutes, or at an interval configured in the `telemetry` stanza.
Some Vault metrics come with additional [labels](#metric-labels) describing the measurement in more detail, such as the namespace in which an operation takes place or the auth method used to create a token. This additional information is incorporated into the metrics name in the in-memory telemetry or other telemetry engines that do not support labels. The metric name in the table below is followed by a list of labels supported, in the order in which they appear, if flattened.
## Audit metrics
These metrics relate to auditing.
| Metric | Description | Unit | Type |
| :--------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :------- | :------ |
| `vault.audit.log_request` | Duration of time taken by all audit log requests across all audit log devices | ms | summary |
| `vault.audit.log_response` | Duration of time taken by audit log responses across all audit log devices | ms | summary |
| `vault.audit.log_request_failure` | Number of audit log request failures. **NOTE**: This is a crucial metric. A non-zero value here indicates that there was a failure to send an audit log request to a configured audit log devices occured. If Vault cannot log into a configured audit log device, it ceases all user operations. When this metric increases regularly, it is suggested to troubleshoot the audit log devices immediately. | failures | counter |
| `vault.audit.log_response_failure` | Number of audit log response failures. **NOTE**: This is a crucial metric. A non-zero value here indicates that there was a failure to receive a response to a request made to one of the configured audit log devices occured. When Vault cannot log to a configured audit log devices, it ceases all user operations. Troubleshooting the audit log devices is suggested when a consistent value of this metric is evaluated. | failures | counter |
**NOTE:** In addition, there are audit metrics for each enabled audit device represented as `vault.audit.<type>.log_request`. For example, if a file audit device is enabled, its metrics would be `vault.audit.file.log_request` and `vault.audit.file.log_response` .
## Core metrics
These metrics represent operational aspects of the running Vault instance.
| Metric | Description | Unit | Type |
| :-------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | :----------- | :------ |
| `vault.barrier.delete` | Duration of time taken by DELETE operations at the barrier | ms | summary |
| `vault.barrier.get` | Duration of time taken by GET operations at the barrier | ms | summary |
| `vault.barrier.put` | Duration of time taken by PUT operations at the barrier | ms | summary |
| `vault.barrier.list` | Duration of time taken by LIST operations at the barrier | ms | summary |
| `vault.cache.hit` | Number of times a value was retrieved from the LRU cache. | cache hit | counter |
| `vault.cache.miss` | Number of times a value was not in the LRU cache. The results in a read from the configured storage. | cache miss | counter |
| `vault.cache.write` | Number of times a value was written to the LRU cache. | cache write | counter |
| `vault.cache.delete` | Number of times a value was deleted from the LRU cache. This does not count cache expirations. | cache delete | counter |
| `vault.core.active` | Has a value 1 when the vault node is active, and 0 when node is in standby. | bool | gauge |
| `vault.core.activity.fragment_size` | Number of entities or tokens (depending on the "type" label) observed by the local node. | tokens | counter |
| `vault.core.activity.segment_write` | Duration of time taken writing activity log segments to storage. | ms | summary |
| `vault.core.check_token` | Duration of time taken by token checks handled by Vault core | ms | summary |
| `vault.core.fetch_acl_and_token` | Duration of time taken by ACL and corresponding token entry fetches handled by Vault core | ms | summary |
| `vault.core.handle_request` | Duration of time taken by non-login requests handled by Vault core | ms | summary |
| `vault.core.handle_login_request` | Duration of time taken by login requests handled by Vault core | ms | summary |
| `vault.core.in_flight_requests` | Number of in-flight requests. | requests | gauge |
| `vault.core.leadership_setup_failed` | Duration of time taken by cluster leadership setup failures which have occurred in a highly available Vault cluster. This should be monitored and alerted on for overall cluster leadership status. | ms | summary |
| `vault.core.leadership_lost` | The total duration that a HA cluster node maintained leadership as reported at the last time of loss. If metric is present and has a count greater than zero, that means a leadership change has occurred. Continuing changes or reports of low value could be a cause for monitoring alerts as they would typically imply ongoing flapping of leadership that may rotate between nodes. | ms | summary |
| `vault.core.license.expiration_time_epoch` | Time as epoch (seconds since Jan 1 1970) at which license will expire. | seconds | gauge |
| `vault.core.locked_users` | Number of locked users in Vault. This measurement is performed every 15 minutes. | locked users | gauge |
| `vault.core.mount_table.num_entries` | Number of mounts in a particular mount table. This metric is labeled by table type (auth or logical) and whether or not the table is replicated (local or not) | objects | gauge |
| `vault.core.mount_table.size` | Size of a particular mount table. This metric is labeled by table type (auth or logical) and whether or not the table is replicated (local or not) | bytes | gauge |
| `vault.core.post_unseal` | Duration of time taken by post-unseal operations handled by Vault core | ms | summary |
| `vault.core.pre_seal` | Duration of time taken by pre-seal operations | ms | summary |
| `vault.core.seal-with-request` | Duration of time taken by requested seal operations | ms | summary |
| `vault.core.seal` | Duration of time taken by seal operations | ms | summary |
| `vault.core.seal-internal` | Duration of time taken by internal seal operations | ms | summary |
| `vault.core.step_down` | Duration of time taken by cluster leadership step downs. This should be monitored, and alerts set for overall cluster leadership status. | ms | summary |
| `vault.core.unseal` | Duration of time taken by unseal operations | ms | summary |
| `vault.core.unsealed` | Has a value 1 when Vault is unsealed, and 0 when Vault is sealed. | bool | gauge |
| `vault.metrics.collection` (cluster,gauge) | Time taken to collect usage gauges, labeled by gauge type. | summary |
| `vault.metrics.collection.interval` (cluster,gauge) | The current value of usage gauge collection interval. | summary |
| `vault.metrics.collection.error` (cluster,gauge) | Errors while collection usage gauges, labeled by gauge type. | counter |
| `vault.rollback.attempt.<mountpoint>` | Time taken to perform a rollback operation on the given mount point. The mount point name has its forward slashes `/` replaced by `-`. For example, a rollback operation on the `auth/token` backend is reported as `vault.rollback.attempt.auth-token-`. | ms | summary |
| `vault.route.create.<mountpoint>` | Time taken to dispatch a create operation to a backend, and for that backend to process it. The mount point name has its forward slashes `/` replaced by `-`. For example, a create operation to `ns1/secret/` would have corresponding metric `vault.route.create.ns1-secret-`. The number of samples of this metric, and the corresponding ones for other operations below, indicates how many operations were performed per mount point. | ms | summary |
| `vault.route.delete.<mountpoint>` | Time taken to dispatch a delete operation to a backend, and for that backend to process it. | ms | summary |
| `vault.route.list.<mountpoint>` | Time taken to dispatch a list operation to a backend, and for that backend to process it. | ms | summary |
| `vault.route.read.<mountpoint>` | Time taken to dispatch a read operation to a backend, and for that backend to process it. | ms | summary |
| `vault.route.rollback.<mountpoint>` | Time taken to dispatch a rollback operation to a backend, and for that backend to process it. Rollback operations are automatically scheduled to clean up partial errors. | ms | summary |
## Runtime metrics
These metrics collect information from Vault's Go runtime, such as memory usage information.
| Metric | Description | Unit | Type |
| :-------------------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------- | :--------- | :------ |
| `vault.runtime.alloc_bytes` | Number of bytes allocated by the Vault process. The number of bytes may peak from time to time, but should return to a steady state value. | bytes | gauge |
| `vault.runtime.free_count` | Number of freed objects | objects | gauge |
| `vault.runtime.heap_objects` | Number of objects on the heap. This is a good general memory pressure indicator worth establishing a baseline and thresholds for alerting. | objects | gauge |
| `vault.runtime.malloc_count` | Cumulative count of allocated heap objects | objects | gauge |
| `vault.runtime.num_goroutines` | Number of go routines. This serves as a general system load indicator worth establishing a baseline and thresholds for alerting. | go routines | gauge |
| `vault.runtime.sys_bytes` | Number of bytes allocated to Vault. This includes what is being used by Vault's heap and what has been reclaimed but not given back to the operating system. | bytes | gauge |
| `vault.runtime.total_gc_pause_ns` | The total garbage collector pause time since Vault was last started | ns | gauge |
| `vault.runtime.gc_pause_ns` | Total duration of the last garbage collection run | ns | summary |
| `vault.runtime.total_gc_runs` | Total number of garbage collection runs since Vault was last started | operations | gauge |
## Policy metrics
These metrics report measurements of the time spent performing policy operations.
| Metric | Description | Unit | Type |
| :--------------------------- | :---------------------------- | :--- | :------ |
| `vault.policy.get_policy` | Time taken to get a policy | ms | summary |
| `vault.policy.list_policies` | Time taken to list policies | ms | summary |
| `vault.policy.delete_policy` | Time taken to delete a policy | ms | summary |
| `vault.policy.set_policy` | Time taken to set a policy | ms | summary |
## Token, identity, and lease metrics
These metrics cover the measurement of token, identity, and lease operations, and counts of the number of such objects managed by Vault.
| Metric | Description | Unit | Type |
| :---------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | :------- | :------ |
| `vault.expire.fetch-lease-times` | Time taken to retrieve lease times | ms | summary |
| `vault.expire.fetch-lease-times-by-token` | Time taken to retrieve lease times by token | ms | summary |
| `vault.expire.num_leases` | Number of all leases which are eligible for eventual expiry | leases | gauge |
| `vault.expire.num_irrevocable_leases` | Number of leases that cannot be revoked automatically | leases | gauge |
| `vault.expire.leases.by_expiration` (cluster,gauge,expiring,namespace) | The number of leases set to expire, grouped by a time interval. This specific time interval and the total number of time intervals are configurable via `lease_metrics_epsilon` and `num_lease_metrics_buckets` in the telemetry stanza of a vault server configuration. The default values for these are `1hr` and `168` respectively, so the metric will report the number of leases that will expire each hour from the current time to a week from the present time. You can additionally group lease expiration by namespace by setting `add_lease_metrics_namespace_labels` to `true` in the config file (default is `false`). | leases | gauge |
| `vault.expire.job_manager.total_jobs` | Total pending revocation jobs | leases | summary |
| `vault.expire.job_manager.queue_length` | Total pending revocation jobs by auth method | leases | summary |
| `vault.expire.lease_expiration` | Count of lease expirations | leases | counter |
| `vault.expire.lease_expiration.time_in_queue` | Time taken for lease to get to the front of the revoke queue | ms | summary |
| `vault.expire.lease_expiration.error` | Count of lease expiration errors | errors | counter |
| `vault.expire.revoke` | Time taken to revoke a token | ms | summary |
| `vault.expire.revoke-force` | Time taken to revoke a token forcibly | ms | summary |
| `vault.expire.revoke-prefix` | Time taken to revoke tokens on a prefix | ms | summary |
| `vault.expire.revoke-by-token` | Time taken to revoke all secrets issued with a given token | ms | summary |
| `vault.expire.renew` | Time taken to renew a lease | ms | summary |
| `vault.expire.renew-token` | Time taken to renew a token which does not need to invoke a logical backend | ms | summary |
| `vault.expire.register` | Time taken for register operations | ms | summary |
| `vault.expire.register-auth` | Time taken for register authentication operations which create lease entries without lease ID | ms | summary |
| `vault.identity.num_entities` | The number of identity entities stored in Vault | entities | gauge |
| `vault.identity.entity.active.monthly` (cluster, namespace) | The number of distinct entities that created a token during the past month, per namespace. Only available if client count is enabled. Reported at the start of each month. | entities | gauge |
| `vault.identity.entity.active.partial_month` (cluster) | The total number of distinct entities that has created a token during the current month. Only available if client count is enabled. Reported periodically within each month. | entities | gauge |
| `vault.identity.entity.active.reporting_period` (cluster, namespace) | The client count default reporting period defines the number of distinct entities that created a token in the past N months, as defined by the client count default reporting period. Only available if client count is enabled. Reported at the start of each month. | entities | gauge |
| `vault.identity.entity.alias.count` (cluster, namespace, auth_method, mount_point) | The number of identity entities aliases stored in Vault, grouped by the auth mount that created them. This gauge is computed every 10 minutes. | aliases | gauge |
| `vault.identity.entity.count` (cluster, namespace) | The number of identity entities stored in Vault, grouped by namespace. | entities | gauge |
| `vault.identity.entity.creation` (cluster, namespace, auth_method, mount_point) | The number of identity entities created, grouped by the auth mount that created them. | entities | counter |
| `vault.identity.upsert_entity_txn` | Time taken to insert a new or modified entity into the in-memory database, and persist it to storage. | ms | summary |
| `vault.identity.upsert_group_txn` | Time taken to insert a new or modified group into the in-memory database, and persist it to storage. This operation is performed on group membership changes. | ms | summary |
| `vault.token.count` (cluster, namespace) | Number of service tokens available for use; counts all un-expired and un-revoked tokens in Vault's token store. This measurement is performed every 10 minutes. | token | gauge |
| `vault.token.count.by_auth` (cluster, namespace, auth_method) | Number of service tokens that were created by a particular auth method. | tokens | gauge |
| `vault.token.count.by_policy` (cluster, namespace, policy) | Number of service tokens that have a particular policy attached. If a token has more than one policy, it is counted in each policy gauge. | tokens | gauge |
| `vault.token.count.by_ttl` (cluster, namespace, creation_ttl) | Number of service tokens, grouped by the TTL range they were assigned at creation. | tokens | gauge |
| `vault.token.create` | The time taken to create a token | ms | summary |
| `vault.token.create_root` | Number of created root tokens. Does not decrease on revocation. | tokens | counter |
| `vault.token.createAccessor` | The time taken to create a token accessor | ms | summary |
| `vault.token.creation` (cluster, namespace, auth_method, mount_point, creation_ttl, token_type) | Number of service or batch tokens created. | tokens | counter |
| `vault.token.lookup` | The time taken to look up a token | ms | summary |
| `vault.token.revoke` | Time taken to revoke a token | ms | summary |
| `vault.token.revoke-tree` | Time taken to revoke a token tree | ms | summary |
| `vault.token.store` | Time taken to store an updated token entry without writing to the secondary index | ms | summary |
## Resource quota metrics
These metrics relate to rate limit and lease count quotas. Each metric comes with a label "name" identifying the specific quota.
| Metric | Description | Unit | Type |
| :---------------------------------- | :---------------------------------------------------------------- | :---- | :------ |
| `vault.quota.rate_limit.violation` | Total number of rate limit quota violations | quota | counter |
| `vault.quota.lease_count.violation` | Total number of lease count quota violations | quota | counter |
| `vault.quota.lease_count.max` | Total maximum number of leases allowed by the lease count quota | lease | gauge |
| `vault.quota.lease_count.counter` | Total current number of leases generated by the lease count quota | lease | gauge |
## Merkle tree and write ahead log metrics
These metrics relate to internal operations on Merkle Trees and Write Ahead Logs (WAL)
| Metric | Description | Unit | Type |
| :------------------------------------------ | :-------------------------------------------------------------------------- | :---- | :------ |
| `vault.merkle.flushDirty` | Time taken to flush any dirty pages to cold storage | ms | summary |
| `vault.merkle.flushDirty.num_pages` | Number of pages flushed | pages | gauge |
| `vault.merkle.flushDirty.outstanding_pages` | Number of pages that were not flushed | pages | gauge |
| `vault.merkle.saveCheckpoint` | Time taken to save the checkpoint | ms | summary |
| `vault.merkle.saveCheckpoint.num_dirty` | Number of dirty pages at checkpoint | pages | gauge |
| `vault.wal.deleteWALs` | Time taken to delete a Write Ahead Log (WAL) | ms | summary |
| `vault.wal.gc.deleted` | Number of Write Ahead Logs (WAL) deleted during each garbage collection run | WAL | gauge |
| `vault.wal.gc.total` | Total Number of Write Ahead Logs (WAL) on disk | WAL | gauge |
| `vault.wal.loadWAL` | Time taken to load a Write Ahead Log (WAL) | ms | summary |
| `vault.wal.persistWALs` | Time taken to persist a Write Ahead Log (WAL) | ms | summary |
| `vault.wal.flushReady` | Time taken to flush a ready Write Ahead Log (WAL) to storage | ms | summary |
| `vault.wal.flushReady.queue_len` | Size of the write queue in the WAL system | WAL | summary |
## HA metrics
These metrics are emitted on standbys when talking to the active node, and in some cases by performance standbys as well.
| Metric | Description | Unit | Type |
| :----------------------------------- | :------------------------------------------------------------------- | :----- | :------ |
| `vault.ha.rpc.client.forward` | Time taken to forward a request from a standby to the active node | ms | summary |
| `vault.ha.rpc.client.forward.errors` | Number of standby requests forwarding failures | errors | counter |
| `vault.ha.rpc.client.echo` | Time taken to send an echo request from a standby to the active node | ms | summary |
| `vault.ha.rpc.client.echo.errors` | Number of standby echo request failures | errors | counter |
## Replication metrics
These metrics relate to [Vault Enterprise Replication](/vault/docs/enterprise/replication). The following metrics are not available in telemetry unless replication is in an unhealthy state: `replication.fetchRemoteKeys`, `replication.merkleDiff`, and `replication.merkleSync`.
| Metric | Description | Unit | Type |
|:--------------------------------------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------| :-------------- | :------ |
| `vault.core.replication.performance.primary` | Set to 1 if this is a performance primary, 0 if not | boolean | gauge |
| `vault.core.replication.performance.secondary` | Set to 1 if this is a performance secondary, 0 if not | boolean | gauge |
| `vault.core.replication.dr.primary` | Set to 1 if this is a DR primary, 0 if not | boolean | gauge |
| `vault.core.replication.dr.secondary` | Set to 1 if this is a DR secondary, 0 if not | boolean | gauge |
| `vault.core.replication.write_undo_logs` | Set to 1 if undo logs are enabled, 0 if not | boolean | gauge |
| `vault.core.performance_standby` | Set to 1 if this is a performance standby, 0 if not | boolean | gauge |
| `vault.logshipper.streamWALs.missing_guard` | Number of incidences where the starting Merkle Tree index used to begin streaming WAL entries is not matched/found | missing guards | counter |
| `vault.logshipper.streamWALs.guard_found` | Number of incidences where the starting Merkle Tree index used to begin streaming WAL entries is matched/found | found guards | counter |
| `vault.logshipper.streamWALs.scanned_entries` | Number of entries scanned in the buffer before the right one was found. | scanned entries | summary |
| `vault.logshipper.buffer.length` | Current length of the log shipper buffer | buffer entries | gauge |
| `vault.logshipper.buffer.size` | Current size in bytes of the log shipper buffer | bytes | gauge |
| `vault.logshipper.buffer.max_length` | Maximum length of the log shipper buffer | buffer entries | gauge |
| `vault.logshipper.buffer.max_size` | Maximum size in bytes of the log shipper buffer | bytes | gauge |
| `vault.replication.fetchRemoteKeys` | Time taken to fetch keys from a remote cluster participating in replication prior to Merkle Tree based delta generation | ms | summary |
| `vault.replication.merkleDiff` | Time taken to perform a Merkle Tree based delta generation between the clusters participating in replication | ms | summary |
| `vault.replication.merkleSync` | Time taken to perform a Merkle Tree based synchronization using the last delta generated between the clusters participating in replication | ms | summary |
| `vault.replication.merkle.commit_index` | The last committed index in the Merkle Tree. | sequence number | gauge |
| `vault.replication.wal.last_wal` | The index of the last WAL | sequence number | gauge |
| `vault.replication.wal.last_dr_wal` | The index of the last DR WAL | sequence number | gauge |
| `vault.replication.wal.last_performance_wal` | The index of the last Performance WAL | sequence number | gauge |
| `vault.replication.fsm.last_remote_wal` | The index of the last remote WAL | sequence number | gauge |
| `vault.replication.wal.gc` | Time taken to complete one run of the WAL garbage collection process | ms | summary |
| `vault.replication.rpc.server.auth_request` | Duration of time taken by auth request | ms | summary |
| `vault.replication.rpc.server.bootstrap_request` | Duration of time taken by bootstrap request | ms | summary |
| `vault.replication.rpc.server.conflicting_pages_request` | Duration of time taken by conflicting pages request | ms | summary |
| `vault.replication.rpc.server.echo` | Duration of time taken by echo | ms | summary |
| `vault.replication.rpc.server.save_mfa_response_auth` | Duration of time taken by saving MFA auth response | ms | summary |
| `vault.replication.rpc.server.forwarding_request` | Duration of time taken by forwarding request | ms | summary |
| `vault.replication.rpc.server.guard_hash_request` | Duration of time taken by guard hash request | ms | summary |
| `vault.replication.rpc.server.persist_alias_request` | Duration of time taken by persist alias request | ms | summary |
| `vault.replication.rpc.server.persist_persona_request` | Duration of time taken by persist persona request | ms | summary |
| `vault.replication.rpc.server.stream_wals_request` | Duration of time taken by stream wals request | ms | summary |
| `vault.replication.rpc.server.sub_page_hashes_request` | Duration of time taken by sub page hashes request | ms | summary |
| `vault.replication.rpc.server.sync_counter_request` | Duration of time taken by sync counter request | ms | summary |
| `vault.replication.rpc.server.upsert_group_request` | Duration of time taken by upsert group request | ms | summary |
| `vault.replication.rpc.client.conflicting_pages` | Duration of time taken by client conflicting pages request | ms | summary |
| `vault.replication.rpc.client.fetch_keys` | Duration of time taken by client fetch keys request | ms | summary |
| `vault.replication.rpc.client.forward` | Duration of time taken by client forward request | ms | summary |
| `vault.replication.rpc.client.guard_hash` | Duration of time taken by client guard hash request | ms | summary |
| `vault.replication.rpc.client.persist_alias` | Duration of time taken by | ms | summary |
| `vault.replication.rpc.client.register_auth` | Duration of time taken by client register auth request | ms | summary |
| `vault.replication.rpc.client.register_lease` | Duration of time taken by client register lease request | ms | summary |
| `vault.replication.rpc.client.stream_wals` | Duration of time taken by client s | ms | summary |
| `vault.replication.rpc.client.sub_page_hashes` | Duration of time taken by client sub page hashes request | ms | summary |
| `vault.replication.rpc.client.sync_counter` | Duration of time taken by client sync counter request | ms | summary |
| `vault.replication.rpc.client.upsert_group` | Duration of time taken by client upstert group request | ms | summary |
| `vault.replication.rpc.client.wrap_in_cubbyhole` | Duration of time taken by client wrap in cubbyhole request | ms | summary |
| `vault.replication.rpc.client.save_mfa_response_auth` | Duration of time taken by client saving MFA auth response | ms | summary |
| `vault.replication.rpc.dr.server.echo` | Duration of time taken by DR echo request | ms | summary |
| `vault.replication.rpc.dr.server.fetch_keys_request` | Duration of time taken by DR fetch keys request | ms | summary |
| `vault.replication.rpc.standby.server.echo` | Duration of time taken by standby echo request | ms | summary |
| `vault.replication.rpc.standby.server.register_auth_request` | Duration of time taken by standby register auth request | ms | summary |
| `vault.replication.rpc.standby.server.register_lease_request` | Duration of time taken by standby register lease request | ms | summary |
| `vault.replication.rpc.standby.server.wrap_token_request` | Duration of time taken by standby wrap token request | ms | summary |
| `vault.replication.rpc.client.create_token_register_auth_lease` | Duration of time taken by client create token request | ms | summary |
| `vault.replication.rpc.standby.server.create_token_register_auth_lease_request` | Duration of time taken by standby create token request | ms | summary |
## Secrets engines metrics
These metrics relate to the supported [secrets engines][secrets-engines].
| Metric | Description | Unit | Type |
| :------------------------------------------------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :---------- | :------ |
| `database.Initialize` | Time taken to initialize a database secret engine across all database secrets engines | ms | summary |
| `database.<name>.Initialize` | Time taken to initialize a database secret engine for the named database secrets engine `<name>`, for example: `database.postgresql-prod.Initialize` | ms | summary |
| `database.Initialize.error` | Number of database secrets engine initialization operation errors across all database secrets engines | errors | counter |
| `database.<name>.Initialize.error` | Number of database secrets engine initialization operation errors for the named database secrets engine `<name>`, for example: `database.postgresql-prod.Initialize.error` | errors | counter |
| `database.Close` | Time taken to close a database secret engine across all database secrets engines | ms | summary |
| `database.<name>.Close` | Time taken to close a database secret engine for the named database secrets engine `<name>`, for example: `database.postgresql-prod.Close` | ms | summary |
| `database.Close.error` | Number of database secrets engine close operation errors across all database secrets engines | errors | counter |
| `database.<name>.Close.error` | Number of database secrets engine close operation errors for the named database secrets engine `<name>`, for example: `database.postgresql-prod.Close.error` | errors | counter |
| `database.CreateUser` | Time taken to create a user across all database secrets engines | ms | summary |
| `database.<name>.CreateUser` | Time taken to create a user for the named database secrets engine `<name>` | ms | summary |
| `database.CreateUser.error` | Number of user creation operation errors across all database secrets engines | errors | counter |
| `database.<name>.CreateUser.error` | Number of user creation operation errors for the named database secrets engine `<name>`, for example: `database.postgresql-prod.CreateUser.error` | errors | counter |
| `database.RenewUser` | Time taken to renew a user across all database secrets engines | ms | summary |
| `database.<name>.RenewUser` | Time taken to renew a user for the named database secrets engine `<name>`, for example: `database.postgresql-prod.RenewUser` | ms | summary |
| `database.RenewUser.error` | Number of user renewal operation errors across all database secrets engines | errors | counter |
| `database.<name>.RenewUser.error` | Number of user renewal operations for the named database secrets engine `<name>`, for example: `database.postgresql-prod.RenewUser.error` | errors | counter |
| `database.RevokeUser` | Time taken to revoke a user across all database secrets engines | ms | summary |
| `database.<name>.RevokeUser` | Time taken to revoke a user for the named database secrets engine `<name>`, for example: `database.postgresql-prod.RevokeUser` | ms | summary |
| `database.RevokeUser.error` | Number of user revocation operation errors across all database secrets engines | errors | counter |
| `database.<name>.RevokeUser.error` | Number of user revocation operations for the named database secrets engine `<name>`, for example: `database.postgresql-prod.RevokeUser.error` | errors | counter |
| `secrets.pki.tidy.cert_store_current_entry` | The index of the current entry in the certificate store being verified by the tidy operation | entry index | gauge |
| `secrets.pki.tidy.cert_store_deleted_count` | Number of entries deleted from the certificate store | entry | counter |
| `secrets.pki.tidy.cert_store_total_entries` | Number of entries in the certificate store to verify during the tidy operation | entry | gauge |
| `secrets.pki.tidy.cert_store_total_entries_remaining` | Number of entries in the certificate store that are left after the tidy operation (checked but not removed). | entry | gauge |
| `secrets.pki.tidy.duration` | Duration of time taken by the PKI tidy operation | ms | summary |
| `secrets.pki.tidy.failure` | Number of times the PKI tidy operation has not completed due to errors | operations | counter |
| `secrets.pki.tidy.revoked_cert_current_entry` | The index of the current revoked certificate entry in the certificate store being verified by the tidy operation | entry index | gauge |
| `secrets.pki.tidy.revoked_cert_deleted_count` | Number of entries deleted from the certificate store for revoked certificates | entry | counter |
| `secrets.pki.tidy.revoked_cert_total_entries` | Number of entries in the certificate store for revoked certificates to verify during the tidy operation | entry | gauge |
| `secrets.pki.tidy.revoked_cert_total_entries_remaining` | Number of entries in the certificate store for revoked certificates that are left after the tidy operation (checked but not removed). | entry | gauge |
| `secrets.pki.tidy.revoked_cert_total_entries_incorrect_issuers` | Number of entries in the certificate store which had incorrect issuer information (total). | entry | gauge |
| `secrets.pki.tidy.revoked_cert_total_entries_fixed_issuers` | Number of entries in the certificate store which had incorrect issuer information that was fixed during this tidy operation. | entry | gauge |
| `secrets.pki.tidy.start_time_epoch` | Start time (as seconds since Jan 1 1970) when the PKI tidy operation is active, 0 otherwise | seconds | gauge |
| `secrets.pki.tidy.success` | Number of times the PKI tidy operation has been completed successfully | operations | counter |
| `vault.secret.kv.count` (cluster, namespace, mount_point) | Number of entries in each key-value secret engine. | paths | gauge |
| `vault.secret.lease.creation` (cluster, namespace, secret_engine, mount_point, creation_ttl) | Counts the number of leases created by secret engines. | leases | counter |
## Storage backend metrics
These metrics relate to the supported [storage backends][storage-backends].
| Metric | Description | Unit | Type |
| :-------------------------- | :--------------------------------------------------------------------------------------------------------------------- | :--- | :------ |
| `vault.azure.put` | Duration of a PUT operation against the [Azure storage backend][azure-storage-backend] | ms | summary |
| `vault.azure.get` | Duration of a GET operation against the [Azure storage backend][azure-storage-backend] | ms | summary |
| `vault.azure.delete` | Duration of a DELETE operation against the [Azure storage backend][azure-storage-backend] | ms | summary |
| `vault.azure.list` | Duration of a LIST operation against the [Azure storage backend][azure-storage-backend] | ms | summary |
| `vault.cassandra.put` | Duration of a PUT operation against the [Cassandra storage backend][cassandra-storage-backend] | ms | summary |
| `vault.cassandra.get` | Duration of a GET operation against the [Cassandra storage backend][cassandra-storage-backend] | ms | summary |
| `vault.cassandra.delete` | Duration of a DELETE operation against the [Cassandra storage backend][cassandra-storage-backend] | ms | summary |
| `vault.cassandra.list` | Duration of a LIST operation against the [Cassandra storage backend][cassandra-storage-backend] | ms | summary |
| `vault.cockroachdb.put` | Duration of a PUT operation against the [CockroachDB storage backend][cockroachdb-storage-backend] | ms | summary |
| `vault.cockroachdb.get` | Duration of a GET operation against the [CockroachDB storage backend][cockroachdb-storage-backend] | ms | summary |
| `vault.cockroachdb.delete` | Duration of a DELETE operation against the [CockroachDB storage backend][cockroachdb-storage-backend] | ms | summary |
| `vault.cockroachdb.list` | Duration of a LIST operation against the [CockroachDB storage backend][cockroachdb-storage-backend] | ms | summary |
| `vault.consul.put` | Duration of a PUT operation against the [Consul storage backend][consul-storage-backend] | ms | summary |
| `vault.consul.transaction` | Duration of a Txn operation against the [Consul storage backend][consul-storage-backend] | ms | summary |
| `vault.consul.get` | Duration of a GET operation against the [Consul storage backend][consul-storage-backend] | ms | summary |
| `vault.consul.delete` | Duration of a DELETE operation against the [Consul storage backend][consul-storage-backend] | ms | summary |
| `vault.consul.list` | Duration of a LIST operation against the [Consul storage backend][consul-storage-backend] | ms | summary |
| `vault.couchdb.put` | Duration of a PUT operation against the [CouchDB storage backend][couchdb-storage-backend] | ms | summary |
| `vault.couchdb.get` | Duration of a GET operation against the [CouchDB storage backend][couchdb-storage-backend] | ms | summary |
| `vault.couchdb.delete` | Duration of a DELETE operation against the [CouchDB storage backend][couchdb-storage-backend] | ms | summary |
| `vault.couchdb.list` | Duration of a LIST operation against the [CouchDB storage backend][couchdb-storage-backend] | ms | summary |
| `vault.dynamodb.put` | Duration of a PUT operation against the [DynamoDB storage backend][dynamodb-storage-backend] | ms | summary |
| `vault.dynamodb.get` | Duration of a GET operation against the [DynamoDB storage backend][dynamodb-storage-backend] | ms | summary |
| `vault.dynamodb.delete` | Duration of a DELETE operation against the [DynamoDB storage backend][dynamodb-storage-backend] | ms | summary |
| `vault.dynamodb.list` | Duration of a LIST operation against the [DynamoDB storage backend][dynamodb-storage-backend] | ms | summary |
| `vault.etcd.put` | Duration of a PUT operation against the [etcd storage backend][etcd-storage-backend] | ms | summary |
| `vault.etcd.get` | Duration of a GET operation against the [etcd storage backend][etcd-storage-backend] | ms | summary |
| `vault.etcd.delete` | Duration of a DELETE operation against the [etcd storage backend][etcd-storage-backend] | ms | summary |
| `vault.etcd.list` | Duration of a LIST operation against the [etcd storage backend][etcd-storage-backend] | ms | summary |
| `vault.gcs.put` | Duration of a PUT operation against the [Google Cloud Storage storage backend][gcs-storage-backend] | ms | summary |
| `vault.gcs.get` | Duration of a GET operation against the [Google Cloud Storage storage backend][gcs-storage-backend] | ms | summary |
| `vault.gcs.delete` | Duration of a DELETE operation against the [Google Cloud Storage storage backend][gcs-storage-backend] | ms | summary |
| `vault.gcs.list` | Duration of a LIST operation against the [Google Cloud Storage storage backend][gcs-storage-backend] | ms | summary |
| `vault.gcs.lock.unlock` | Duration of an UNLOCK operation against the [Google Cloud Storage storage backend][gcs-storage-backend] in HA mode | ms | summary |
| `vault.gcs.lock.lock` | Duration of a LOCK operation against the [Google Cloud Storage storage backend][gcs-storage-backend] in HA mode | ms | summary |
| `vault.gcs.lock.value` | Duration of a VALUE operation against the [Google Cloud Storage storage backend][gcs-storage-backend] in HA mode | ms | summary |
| `vault.mssql.put` | Duration of a PUT operation against the [MS-SQL storage backend][mssql-storage-backend] | ms | summary |
| `vault.mssql.get` | Duration of a GET operation against the [MS-SQL storage backend][mssql-storage-backend] | ms | summary |
| `vault.mssql.delete` | Duration of a DELETE operation against the [MS-SQL storage backend][mssql-storage-backend] | ms | summary |
| `vault.mssql.list` | Duration of a LIST operation against the [MS-SQL storage backend][mssql-storage-backend] | ms | summary |
| `vault.mysql.put` | Duration of a PUT operation against the [MySQL storage backend][mysql-storage-backend] | ms | summary |
| `vault.mysql.get` | Duration of a GET operation against the [MySQL storage backend][mysql-storage-backend] | ms | summary |
| `vault.mysql.delete` | Duration of a DELETE operation against the [MySQL storage backend][mysql-storage-backend] | ms | summary |
| `vault.mysql.list` | Duration of a LIST operation against the [MySQL storage backend][mysql-storage-backend] | ms | summary |
| `vault.postgres.put` | Duration of a PUT operation against the [PostgreSQL storage backend][postgresql-storage-backend] | ms | summary |
| `vault.postgres.get` | Duration of a GET operation against the [PostgreSQL storage backend][postgresql-storage-backend] | ms | summary |
| `vault.postgres.delete` | Duration of a DELETE operation against the [PostgreSQL storage backend][postgresql-storage-backend] | ms | summary |
| `vault.postgres.list` | Duration of a LIST operation against the [PostgreSQL storage backend][postgresql-storage-backend] | ms | summary |
| `vault.s3.put` | Duration of a PUT operation against the [Amazon S3 storage backend][s3-storage-backend] | ms | summary |
| `vault.s3.get` | Duration of a GET operation against the [Amazon S3 storage backend][s3-storage-backend] | ms | summary |
| `vault.s3.delete` | Duration of a DELETE operation against the [Amazon S3 storage backend][s3-storage-backend] | ms | summary |
| `vault.s3.list` | Duration of a LIST operation against the [Amazon S3 storage backend][s3-storage-backend] | ms | summary |
| `vault.spanner.put` | Duration of a PUT operation against the [Google Cloud Spanner storage backend][spanner-storage-backend] | ms | summary |
| `vault.spanner.get` | Duration of a GET operation against the [Google Cloud Spanner storage backend][spanner-storage-backend] | ms | summary |
| `vault.spanner.delete` | Duration of a DELETE operation against the [Google Cloud Spanner storage backend][spanner-storage-backend] | ms | summary |
| `vault.spanner.list` | Duration of a LIST operation against the [Google Cloud Spanner storage backend][spanner-storage-backend] | ms | summary |
| `vault.spanner.lock.unlock` | Duration of an UNLOCK operation against the [Google Cloud Spanner storage backend][spanner-storage-backend] in HA mode | ms | summary |
| `vault.spanner.lock.lock` | Duration of a LOCK operation against the [Google Cloud Spanner storage backend][spanner-storage-backend] in HA mode | ms | summary |
| `vault.spanner.lock.value` | Duration of a VALUE operation against the [Google Cloud Spanner storage backend][gcs-storage-backend] in HA mode | ms | summary |
| `vault.swift.put` | Duration of a PUT operation against the [Swift storage backend][swift-storage-backend] | ms | summary |
| `vault.swift.get` | Duration of a GET operation against the [Swift storage backend][swift-storage-backend] | ms | summary |
| `vault.swift.delete` | Duration of a DELETE operation against the [Swift storage backend][swift-storage-backend] | ms | summary |
| `vault.swift.list` | Duration of a LIST operation against the [Swift storage backend][swift-storage-backend] | ms | summary |
| `vault.zookeeper.put` | Duration of a PUT operation against the [ZooKeeper storage backend][zookeeper-storage-backend] | ms | summary |
| `vault.zookeeper.get` | Duration of a GET operation against the [ZooKeeper storage backend][zookeeper-storage-backend] | ms | summary |
| `vault.zookeeper.delete` | Duration of a DELETE operation against the [ZooKeeper storage backend][zookeeper-storage-backend] | ms | summary |
| `vault.zookeeper.list` | Duration of a LIST operation against the [ZooKeeper storage backend][zookeeper-storage-backend] | ms | summary |
## Integrated storage (Raft)
These metrics relate to raft based [integrated storage][integrated-storage].
| Metric | Description | Unit | Type |
| :---------------------------------------------------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :-------------------------------- | :------ |
| `vault.raft.apply` | Number of Raft transactions occurring over the interval, which is a general indicator of the write load on the Raft servers. | raft transactions / interval | counter |
| `vault.raft.barrier` | Number of times the node has started the barrier i.e the number of times it has issued a blocking call, to ensure that the node has all the pending operations that were queued, to be applied to the node's FSM. | blocks / interval | counter |
| `vault.raft.candidate.electSelf` | Time to request for a vote from a peer. | ms | summary |
| `vault.raft.commitNumLogs` | Number of logs processed for application to the FSM in a single batch. | logs | gauge |
| `vault.raft.commitTime` | Time to commit a new entry to the Raft log on the leader. | ms | timer |
| `vault.raft.compactLogs` | Time to trim the logs that are no longer needed. | ms | summary |
| `vault.raft.delete` | Time to delete file from raft's underlying storage. | ms | summary |
| `vault.raft.delete_prefix` | Time to delete files under a prefix from raft's underlying storage. | ms | summary |
| `vault.raft.fsm.apply` | Number of logs committed since the last interval. | commit logs / interval | summary |
| `vault.raft.fsm.applyBatch` | Time to apply batch of logs. | ms | summary |
| `vault.raft.fsm.applyBatchNum` | Number of logs applied in batch. | ms | summary |
| `vault.raft.fsm.enqueue` | Time to enqueue a batch of logs for the FSM to apply. | ms | timer |
| `vault.raft.fsm.restore` | Time taken by the FSM to restore its state from a snapshot. | ms | summary |
| `vault.raft.fsm.snapshot` | Time taken by the FSM to record the current state for the snapshot. | ms | summary |
| `vault.raft.fsm.store_config` | Time to store the configuration. | ms | summary |
| `vault.raft.get` | Time to retrieve file from raft's underlying storage. | ms | summary |
| `vault.raft.leader.dispatchLog` | Time for the leader to write log entries to disk. | ms | timer |
| `vault.raft.leader.dispatchNumLogs` | Number of logs committed to disk in a batch. | logs | gauge |
| `vault.raft.list` | Time to retrieve list of keys from raft's underlying storage. | ms | summary |
| `vault.raft.peers` | Number of peers in the raft cluster configuration. | peers | gauge |
| `vault.raft.put` | Time to persist key in raft's underlying storage. | ms | summary |
| `vault.raft.replication.appendEntries.log` | Number of logs replicated to a node, to bring it up to speed with the leader's logs. | logs appended / interval | counter |
| `vault.raft.replication.appendEntries.rpc` | Time taken by the append entries RFC, to replicate the log entries of a leader node onto its follower node(s). | ms | timer |
| `vault.raft.replication.heartbeat` | Time taken to invoke appendEntries on a peer, so that it doesnt timeout on a periodic basis. | ms | timer |
| `vault.raft.replication.installSnapshot` | Time taken to process the installSnapshot RPC call. This metric should only be seen on nodes which are currently in the follower state. | ms | timer |
| `vault.raft.restore` | Number of times the restore operation has been performed by the node. Here, restore refers to the action of raft consuming an external snapshot to restore its state. | operation invoked / interval | counter |
| `vault.raft.restoreUserSnapshot` | Time taken by the node to restore the FSM state from a user's snapshot. | ms | timer |
| `vault.raft.rpc.appendEntries` | Time taken to process an append entries RPC call from a node. | ms | timer |
| `vault.raft.rpc.appendEntries.processLogs` | Time taken to process the outstanding log entries of a node. | ms | timer |
| `vault.raft.rpc.appendEntries.storeLogs` | Time taken to add any outstanding logs for a node, since the last appendEntries was invoked. | ms | timer |
| `vault.raft.rpc.installSnapshot` | Time taken to process the installSnapshot RPC call. This metric should only be seen on nodes which are currently in the follower state. | ms | timer |
| `vault.raft.rpc.processHeartbeat` | Time taken to process a heartbeat request. | ms | timer |
| `vault.raft.rpc.requestVote` | Time taken to complete requestVote RPC call. | ms | summary |
| `vault.raft.snapshot.create` | Time taken to initialize the snapshot process. | ms | timer |
| `vault.raft.snapshot.persist` | Time taken to dump the current snapshot taken by the node to the disk. | ms | timer |
| `vault.raft.snapshot.takeSnapshot` | Total time involved in taking the current snapshot (creating one and persisting it) by the node. | ms | timer |
| `vault.raft.state.follower` | Number of times node has entered the follower mode. This happens when a new node joins the cluster or after the end of a leader election. | follower state entered / interval | counter |
| `vault.raft.transition.heartbeat_timeout` | Number of times node has transitioned to the Candidate state, after receiving no heartbeat messages from the last known leader. | timeouts / interval | counter |
| `vault.raft.transition.leader_lease_timeout` | Number of times quorum of nodes were not able to be contacted. | contact failures | counter |
| `vault.raft.verify_leader` | Number of times node checks whether it is still the leader or not. | checks / interval | counter |
| `vault.raft-storage.delete` | Time to insert log entry to delete path. | ms | timer |
| `vault.raft-storage.get` | Time to retrieve value for path from FSM. | ms | timer |
| `vault.raft-storage.put` | Time to insert log entry to persist path. | ms | timer |
| `vault.raft-storage.list` | Time to list all entries under the prefix from the FSM. | ms | timer |
| `vault.raft-storage.transaction` | Time to insert operations into a single log. | ms | timer |
| `vault.raft-storage.entry_size` | The total size of a Raft entry during log application in bytes. | bytes | summary |
| `vault.raft_storage.bolt.freelist.`<br/>`free_pages` | Number of free pages in the freelist. | pages | gauge |
| `vault.raft_storage.bolt.freelist.`<br/>`pending_pages` | Number of pending pages in the freelist. | pages | gauge |
| `vault.raft_storage.bolt.freelist.`<br/>`allocated_bytes` | Total bytes allocated in free pages. | bytes | gauge |
| `vault.raft_storage.bolt.freelist.`<br/>`used_bytes` | Total bytes used by the freelist. | bytes | gauge |
| `vault.raft_storage.bolt.transaction.`<br/>`started_read_transactions` | Number of started read transactions. | transactions | gauge |
| `vault.raft_storage.bolt.transaction.`<br/>`currently_open_read_transactions` | Number of currently open read transactions. | transactions | gauge |
| `vault.raft_storage.bolt.page.count` | Number of page allocations. | allocations | gauge |
| `vault.raft_storage.bolt.page.`<br/>`bytes_allocated` | Total bytes allocated. | bytes | gauge |
| `vault.raft_storage.bolt.cursor.count` | Number of cursors created. | cursors | gauge |
| `vault.raft_storage.bolt.node.count` | Number of node allocations. | nodes | gauge |
| `vault.raft_storage.bolt.node.dereferences` | Number of node dereferences. | dereferences | gauge |
| `vault.raft_storage.bolt.rebalance.count` | Number of node rebalances. | rebalances | gauge |
| `vault.raft_storage.bolt.rebalance.time` | Time taken rebalancing. | ms | summary |
| `vault.raft_storage.bolt.split.count` | Number of nodes split. | nodes | gauge |
| `vault.raft_storage.bolt.spill.count` | Number of nodes spilled. | nodes | gauge |
| `vault.raft_storage.bolt.spill.time` | Time taken spilling. | ms | summary |
| `vault.raft_storage.bolt.write.count` | Number of writes performed. | writes | gauge |
| `vault.raft_storage.bolt.write.time` | Time taken writing to disk. | ms | summary |
| `vault.raft_storage.stats.commit_index` | Index of last raft log committed to disk on this node. | sequence number | gauge |
| `vault.raft_storage.stats.applied_index` | Highest index of raft log either applied to the FSM or added to fsm_pending queue. | sequence number | gauge |
| `vault.raft_storage.stats.fsm_pending` | Number of raft logs this node has queued to be applied by the FSM. | logs | gauge |
| `vault.raft_storage.follower.applied_index_delta` | Delta between leader applied index and each follower's applied index reported by echoes. | logs | gauge |
| `vault.raft_storage.follower.last_heartbeat_ms` | Time since last echo request received by each follower. | ms | gauge |
## Integrated storage (Raft) autopilot
| Metric | Description | Unit | Type |
| :---------------------------------- | :---------------------------------------------------------------------------------------------------- | :---- | :---- |
| `vault.autopilot.node.healthy` | Set to 1 if the node_id is deemed healthy by Autopilot, 0 if not | bool | gauge |
| `vault.autopilot.healthy` | Set to 1 if Autopilot considers all nodes healthy | bool | gauge |
| `vault.autopilot.failure_tolerance` | How many nodes can be lost while maintaining quorum, i.e., number of healthy nodes in excess of quorum | nodes | gauge |
Since Autopilot runs only on the active node, these metrics are emitted by the active node only.
## Integrated storage (Raft) leadership changes
| Metric | Description | Unit | Type |
| :------------------------------ | :------------------------------------------------------------------------------------------------------------ | :-------- | :------ |
| `vault.raft.leader.lastContact` | Measures the time since the leader was last able to contact the follower nodes when checking its leader lease | ms | summary |
| `vault.raft.state.candidate` | Increments whenever raft server starts an election | Elections | counter |
| `vault.raft.state.leader` | Increments whenever raft server becomes a leader | Leaders | counter |
**Why are they vital?**: If frequent elections or leadership changes occur, it would likely indicate network issues between the raft nodes or the raft servers cannot keep up with the load.
**What to look for**: For a healthy cluster, you're looking for a lastContact
lower than 200ms, leader > 0 and candidate == 0. Deviations from this might
indicate flapping leadership.
## Integrated storage (Raft) automated snapshots
These metrics related to the Enterprise feature [Raft Automated Snapshots](/vault/docs/enterprise/automated-integrated-storage-snapshots).
| Metric | Description | Unit | Type |
| :------------------------------------------ | :-------------------------------------------------------------------------------------------- | :--------- | :------ |
| `vault.autosnapshots.total.snapshot.size` | For storage_type=local, space on disk used by saved snapshots | bytes | gauge |
| `vault.autosnapshots.percent.maxspace.used` | For storage_type=local, percent used of maximum allocated space | percentage | gauge |
| `vault.autosnapshots.save.errors` | Increments whenever an error occurs trying to save a snapshot | n/a | counter |
| `vault.autosnapshots.save.duration` | Measures the time taken saving a snapshot | ms | summary |
| `vault.autosnapshots.last.success.time` | Epoch time (seconds since 1970/01/01) of last successful snapshot save | n/a | gauge |
| `vault.autosnapshots.snapshot.size` | Measures the size in bytes of snapshots | bytes | summary |
| `vault.autosnapshots.rotate.duration` | Measures the time taken to rotate (i.e. delete) old snapshots to satisfy configured retention | ms | summary |
| `vault.autosnapshots.snapshots.in.storage` | Number of snapshots in storage | n/a | gauge |
## Metric labels
| Metric | Description | Example |
| :--------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :---------------------- |
| `auth_method` | Authorization engine type . | `userpass` |
| `cluster` | The cluster name from which the metric originated; set in the configuration file, or automatically generated when a cluster is create | `vault-cluster-d54ad07` |
| `creation_ttl` | Time-to-live value assigned to a token or lease at creation. This value is rounded up to the next-highest bucket; the available buckets are `1m`, `10m`, `20m`, `1h`, `2h`, `1d`, `2d`, `7d`, and `30d`. Any longer TTL is assigned the value `+Inf`. | `7d` |
| `mount_point` | Path at which an auth method or secret engine is mounted. | `auth/userpass/` |
| `namespace` | A namespace path, or `root` for the root namespace | `ns1` |
| `policy` | A single named policy | `default` |
| `secret_engine` | The [secret engine][secrets-engine] type. | `aws` |
| `token_type` | Identifies whether the token is a batch token or a service token. | `service` |
| `peer_id` | Unique identifier of a raft peer. | `node-1` |
| `node_id` | Unique identifier of a raft peer, same as peer_id. | `node-1` |
| `snapshot_config_name` | For automated snapshots, the name of the configuration | `config1` |
[secrets-engines]: /vault/docs/secrets
[storage-backends]: /vault/docs/configuration/storage
[telemetry-stanza]: /vault/docs/configuration/telemetry
[cubbyhole-secrets-engine]: /vault/docs/secrets/cubbyhole
[kv-secrets-engine]: /vault/docs/secrets/kv
[ldap-auth-backend]: /vault/docs/auth/ldap
[token-auth-backend]: /vault/docs/auth/token
[azure-storage-backend]: /vault/docs/configuration/storage/azure
[cassandra-storage-backend]: /vault/docs/configuration/storage/cassandra
[cockroachdb-storage-backend]: /vault/docs/configuration/storage/cockroachdb
[consul-storage-backend]: /vault/docs/configuration/storage/consul
[couchdb-storage-backend]: /vault/docs/configuration/storage/couchdb
[dynamodb-storage-backend]: /vault/docs/configuration/storage/dynamodb
[etcd-storage-backend]: /vault/docs/configuration/storage/etcd
[gcs-storage-backend]: /vault/docs/configuration/storage/google-cloud-storage
[spanner-storage-backend]: /vault/docs/configuration/storage/google-cloud-spanner
[mssql-storage-backend]: /vault/docs/configuration/storage/mssql
[mysql-storage-backend]: /vault/docs/configuration/storage/mysql
[postgresql-storage-backend]: /vault/docs/configuration/storage/postgresql
[s3-storage-backend]: /vault/docs/configuration/storage/s3
[swift-storage-backend]: /vault/docs/configuration/storage/swift
[zookeeper-storage-backend]: /vault/docs/configuration/storage/zookeeper
[integrated-storage]: /vault/docs/configuration/storage/raft

110
website/content/docs/internals/telemetry/enable-telemetry.mdx Normal file
View File

@@ -0,0 +1,110 @@
---
layout: docs
page_title: Enable Vault telemetry
description: >-
Step-by-step guide to enabling telemetry gathering with Vault
---
# Enable Vault telemetry gathering
Collect telemetry data from your Vault installation.
## Before you start
- **You must have Vault 1.14 or later installed and running**.
- **You must have access to your [Vault configuration](/vault/docs/configuration) file**.
## Step 1: Choose an aggregation agent
@include 'telemetry/supported-aggregation-agents.mdx'
## Step 2: Enable at least one audit device
To include audit-related metrics, you must enable auditing on at least one device
with the `vault audit enable` command. For example, to enable auditing for the
`file` device and save the logs to `/var/log/vault_audit.log`:
```shell-session
$ vault audit enable file file_path=/var/log/vault_audit.log
```
By default, Enterprise installations replicate audit devices to the secondary
performance nodes in a cluster. To limit performance replication for an audit
device, use the `local` flag to mark the device as local to the current node:
```shell-session
$ vault audit enable file -local file_path=/var/log/vault_audit.log
```
## Step 3: Configure telemetry collection
To configure telemetry collection, update the telemetry stanza in your Vault
configuration with your collection preferences and aggregation agent details.
For example, the following `telemetry` stanza configures Vault with the standard
telemetry defaults and connects it to a Statsite agent running on the default
port within a company intranet at `mycompany.statsite`:
```hcl
telemetry {
usage_gauge_period = "10m"
maximum_gauge_cardinality = 500
disable_hostname = false
enable_hostname_label = false
lease_metrics_epsilon = "1h"
num_lease_metrics_buckets = 168
add_lease_metrics_namespace_labels = false
filter_default = true
statsite_address = "mycompany.statsite:8125"
}
```
<Tip heading="Use a prefix filter to reduce the volume of metrics you receive">
Many metrics solutions charge by the metric. You can set `filter_default` to
false and use the `prefix_filter` parameter to include and exclude specific
values based on metric name to avoid paying for irrelevant information.
For example, to limit your telemetry to the core token metrics plus the number
of leases set to expire:
```hcl
telemetry {
filter_default = false
prefix_filter = ["+vault.token", "-vault.expire", "+vault.expire.num_leases"]
}
```
</Tip>
## Step 4: Choose a reporting solution
You need to save or forward your telemetry data to a separate storage solution
for reporting, analysis, and alerting. Which solution you need depends on the
feature set provided by your aggregation agent and the protocol support of your
reporting platform.
Popular reporting solutions compatible with Vault:
- [Grafana](https://grafana.com/grafana)
- [Graphite](https://www.hostedgraphite.com)
- [InfluxData: Telegraf](https://www.influxdata.com/time-series-platform/telegraf)
- [InfluxData: InfluxDB](https://www.influxdata.com/products/influxdb-overview)
- [InfluxData: Chronograf](https://www.influxdata.com/time-series-platform/telegraf)
- [InfluxData: Kapacitor](https://www.influxdata.com/time-series-platform/kapacitor)
- [Splunk](https://www.splunk.com)
## Next steps
- Review the full list of available
[telemetry parameters](/vault/docs/configuration/telemetry#telemetry-parameters).
- Review the [Monitor telemetry and audit device log data](/vault/tutorials/monitoring/monitor-telemetry-audit-splunk)
tutorial for general monitoring guidance and steps to configure your
Vault telemetry for Splunk using Telegraf and Fluentd.
- Review the
[Monitor telemetry with Prometheus and Grafana](/vault/tutorials/monitoring/monitor-telemetry-grafana-prometheus)
tutorial to configure your Vault telemetry for Prometheus and Grafana.

68
website/content/docs/internals/telemetry/index.mdx Normal file
View File

@@ -0,0 +1,68 @@
---
layout: docs
page_title: Telemetry
description: |-
Learn about the telemetry data available in Vault
---
# Telemetry
The Vault server process collects various runtime metrics about the performance
of different libraries and subsystems. These metrics are aggregated on a
10-second interval and retained for one minute in memory. High-cardinality
metrics, like `vault.kv.secret.count`, report every 10 minutes or at an interval
configured with in the `telemetry` stanza.
@include 'telemetry/supported-aggregation-agents.mdx'
<Important>
Telemetry from Vault must be streamed and stored in metrics aggregation
software to monitor Vault and collect durable metrics.
</Important>
## Working with raw telemetry data
You can view raw telemetry data for debugging purposes by interrupting the Vault
process with `USR1` (on *nix) or `BREAK` (on Windows). When the Vault process
receives this signal, it dumps telemetry data for the last 10 seconds to
`stderr`.
Raw telemetry data is prefixed with the relevant metric type:
- **`[C]`** indicates the metric is a **counter**.
- **`[G]`** indicates the metric is a **gauge**.
- **`[S]`** indicates the metric is a **summary**.
## Example raw telemetry dump
```text
[2017-12-19 20:37:50 +0000 UTC][G] 'vault.7f320e57f9fe.expire.num_leases': 5100.000
[2017-12-19 20:37:50 +0000 UTC][G] 'vault.7f320e57f9fe.runtime.num_goroutines': 39.000
[2017-12-19 20:37:50 +0000 UTC][G] 'vault.7f320e57f9fe.runtime.sys_bytes': 222746880.000
[2017-12-19 20:37:50 +0000 UTC][G] 'vault.7f320e57f9fe.runtime.malloc_count': 109189192.000
[2017-12-19 20:37:50 +0000 UTC][G] 'vault.7f320e57f9fe.runtime.free_count': 108408240.000
[2017-12-19 20:37:50 +0000 UTC][G] 'vault.7f320e57f9fe.runtime.heap_objects': 780953.000
[2017-12-19 20:37:50 +0000 UTC][G] 'vault.7f320e57f9fe.runtime.total_gc_runs': 232.000
[2017-12-19 20:37:50 +0000 UTC][G] 'vault.7f320e57f9fe.runtime.alloc_bytes': 72954392.000
[2017-12-19 20:37:50 +0000 UTC][G] 'vault.7f320e57f9fe.runtime.total_gc_pause_ns': 150293024.000
[2017-12-19 20:37:50 +0000 UTC][S] 'vault.merkle.flushDirty': Count: 100 Min: 0.008 Mean: 0.027 Max: 0.183 Stddev: 0.024 Sum: 2.681 LastUpdated: 2017-12-19 20:37:59.848733035 +0000 UTC m=+10463.692105920
[2017-12-19 20:37:50 +0000 UTC][S] 'vault.merkle.saveCheckpoint': Count: 4 Min: 0.021 Mean: 0.054 Max: 0.110 Stddev: 0.039 Sum: 0.217 LastUpdated: 2017-12-19 20:37:57.048458148 +0000 UTC m=+10460.891835029
[2017-12-19 20:38:00 +0000 UTC][G] 'vault.7f320e57f9fe.runtime.alloc_bytes': 73326136.000
[2017-12-19 20:38:00 +0000 UTC][G] 'vault.7f320e57f9fe.runtime.sys_bytes': 222746880.000
[2017-12-19 20:38:00 +0000 UTC][G] 'vault.7f320e57f9fe.runtime.malloc_count': 109195904.000
[2017-12-19 20:38:00 +0000 UTC][G] 'vault.7f320e57f9fe.runtime.free_count': 108409568.000
[2017-12-19 20:38:00 +0000 UTC][G] 'vault.7f320e57f9fe.runtime.heap_objects': 786342.000
[2017-12-19 20:38:00 +0000 UTC][G] 'vault.7f320e57f9fe.runtime.total_gc_pause_ns': 150293024.000
[2017-12-19 20:38:00 +0000 UTC][G] 'vault.7f320e57f9fe.expire.num_leases': 5100.000
[2017-12-19 20:38:00 +0000 UTC][G] 'vault.7f320e57f9fe.runtime.num_goroutines': 39.000
[2017-12-19 20:38:00 +0000 UTC][G] 'vault.7f320e57f9fe.runtime.total_gc_runs': 232.000
[2017-12-19 20:38:00 +0000 UTC][S] 'vault.route.rollback.consul-': Count: 1 Sum: 0.013 LastUpdated: 2017-12-19 20:38:01.968471579 +0000 UTC m=+10465.811842067
[2017-12-19 20:38:00 +0000 UTC][S] 'vault.rollback.attempt.consul-': Count: 1 Sum: 0.073 LastUpdated: 2017-12-19 20:38:01.968502743 +0000 UTC m=+10465.811873131
[2017-12-19 20:38:00 +0000 UTC][S] 'vault.rollback.attempt.pki-': Count: 1 Sum: 0.070 LastUpdated: 2017-12-19 20:38:01.96867005 +0000 UTC m=+10465.812041936
[2017-12-19 20:38:00 +0000 UTC][S] 'vault.route.rollback.auth-app-id-': Count: 1 Sum: 0.012 LastUpdated: 2017-12-19 20:38:01.969146401 +0000 UTC m=+10465.812516689
[2017-12-19 20:38:00 +0000 UTC][S] 'vault.rollback.attempt.identity-': Count: 1 Sum: 0.063 LastUpdated: 2017-12-19 20:38:01.968029888 +0000 UTC m=+10465.811400276
[2017-12-19 20:38:00 +0000 UTC][S] 'vault.rollback.attempt.database-': Count: 1 Sum: 0.066 LastUpdated: 2017-12-19 20:38:01.969394215 +0000 UTC m=+10465.812764603
[2017-12-19 20:38:00 +0000 UTC][S] 'vault.barrier.get': Count: 16 Min: 0.010 Mean: 0.015 Max: 0.031 Stddev: 0.005 Sum: 0.237 LastUpdated: 2017-12-19 20:38:01.983268118 +0000 UTC m=+10465.826637008
[2017-12-19 20:38:00 +0000 UTC][S] 'vault.merkle.flushDirty': Count: 100 Min: 0.006 Mean: 0.024 Max: 0.098 Stddev: 0.019 Sum: 2.386 LastUpdated: 2017-12-19 20:38:09.848158309 +0000 UTC m=+10473.691527099
```

725
website/content/docs/internals/telemetry/metrics/all.mdx Normal file
View File

@@ -0,0 +1,725 @@
---
layout: docs
page_title: "Telemetry reference: All metrics"
description: >-
Full list of all telemetry values provided by Vault.
---
# All Vault telemetry metrics
For completeness, we provide a full list of available metrics below in
alphabetic order by name.
## Full metric list
@include 'telemetry-metrics/database/close.mdx'
@include 'telemetry-metrics/database/close/error.mdx'
@include 'telemetry-metrics/database/createuser.mdx'
@include 'telemetry-metrics/database/createuser/error.mdx'
@include 'telemetry-metrics/database/initialize.mdx'
@include 'telemetry-metrics/database/initialize/error.mdx'
@include 'telemetry-metrics/database/name/close.mdx'
@include 'telemetry-metrics/database/name/close/error.mdx'
@include 'telemetry-metrics/database/name/createuser.mdx'
@include 'telemetry-metrics/database/name/createuser/error.mdx'
@include 'telemetry-metrics/database/name/initialize.mdx'
@include 'telemetry-metrics/database/name/initialize/error.mdx'
@include 'telemetry-metrics/database/name/renewuser.mdx'
@include 'telemetry-metrics/database/name/renewuser/error.mdx'
@include 'telemetry-metrics/database/name/revokeuser.mdx'
@include 'telemetry-metrics/database/name/revokeuser/error.mdx'
@include 'telemetry-metrics/database/renewuser.mdx'
@include 'telemetry-metrics/database/renewuser/error.mdx'
@include 'telemetry-metrics/database/revokeuser.mdx'
@include 'telemetry-metrics/database/revokeuser/error.mdx'
@include 'telemetry-metrics/secrets/pki/tidy/cert_store_current_entry.mdx'
@include 'telemetry-metrics/secrets/pki/tidy/cert_store_deleted_count.mdx'
@include 'telemetry-metrics/secrets/pki/tidy/cert_store_total_entries_remaining.mdx'
@include 'telemetry-metrics/secrets/pki/tidy/cert_store_total_entries.mdx'
@include 'telemetry-metrics/secrets/pki/tidy/duration.mdx'
@include 'telemetry-metrics/secrets/pki/tidy/failure.mdx'
@include 'telemetry-metrics/secrets/pki/tidy/revoked_cert_current_entry.mdx'
@include 'telemetry-metrics/secrets/pki/tidy/revoked_cert_deleted_count.mdx'
@include 'telemetry-metrics/secrets/pki/tidy/revoked_cert_total_entries_fixed_issuers.mdx'
@include 'telemetry-metrics/secrets/pki/tidy/revoked_cert_total_entries_incorrect_issuers.mdx'
@include 'telemetry-metrics/secrets/pki/tidy/revoked_cert_total_entries_remaining.mdx'
@include 'telemetry-metrics/secrets/pki/tidy/revoked_cert_total_entries.mdx'
@include 'telemetry-metrics/secrets/pki/tidy/start_time_epoch.mdx'
@include 'telemetry-metrics/secrets/pki/tidy/success.mdx'
@include 'telemetry-metrics/vault/audit/device/log_request_failure.mdx'
@include 'telemetry-metrics/vault/audit/device/log_request.mdx'
@include 'telemetry-metrics/vault/audit/device/log_response_failure.mdx'
@include 'telemetry-metrics/vault/audit/device/log_response.mdx'
@include 'telemetry-metrics/vault/audit/log_request_failure.mdx'
@include 'telemetry-metrics/vault/audit/log_request.mdx'
@include 'telemetry-metrics/vault/audit/log_response_failure.mdx'
@include 'telemetry-metrics/vault/audit/log_response.mdx'
@include 'telemetry-metrics/vault/autopilot/failure_tolerance.mdx'
@include 'telemetry-metrics/vault/autopilot/healthy.mdx'
@include 'telemetry-metrics/vault/autopilot/node/healthy.mdx'
@include 'telemetry-metrics/vault/autosnapshots/last/success/time.mdx'
@include 'telemetry-metrics/vault/autosnapshots/percent/maxspace/used.mdx'
@include 'telemetry-metrics/vault/autosnapshots/rotate/duration.mdx'
@include 'telemetry-metrics/vault/autosnapshots/save/duration.mdx'
@include 'telemetry-metrics/vault/autosnapshots/save/errors.mdx'
@include 'telemetry-metrics/vault/autosnapshots/snapshot/size.mdx'
@include 'telemetry-metrics/vault/autosnapshots/total/snapshot/size.mdx'
@include 'telemetry-metrics/vault/azure/delete.mdx'
@include 'telemetry-metrics/vault/azure/get.mdx'
@include 'telemetry-metrics/vault/azure/list.mdx'
@include 'telemetry-metrics/vault/azure/put.mdx'
@include 'telemetry-metrics/vault/barrier/delete.mdx'
@include 'telemetry-metrics/vault/barrier/get.mdx'
@include 'telemetry-metrics/vault/barrier/list.mdx'
@include 'telemetry-metrics/vault/barrier/put.mdx'
@include 'telemetry-metrics/vault/cache/delete.mdx'
@include 'telemetry-metrics/vault/cache/hit.mdx'
@include 'telemetry-metrics/vault/cache/miss.mdx'
@include 'telemetry-metrics/vault/cache/write.mdx'
@include 'telemetry-metrics/vault/cassandra/delete.mdx'
@include 'telemetry-metrics/vault/cassandra/get.mdx'
@include 'telemetry-metrics/vault/cassandra/list.mdx'
@include 'telemetry-metrics/vault/cassandra/put.mdx'
@include 'telemetry-metrics/vault/cockroachdb/delete.mdx'
@include 'telemetry-metrics/vault/cockroachdb/get.mdx'
@include 'telemetry-metrics/vault/cockroachdb/list.mdx'
@include 'telemetry-metrics/vault/cockroachdb/put.mdx'
@include 'telemetry-metrics/vault/consul/delete.mdx'
@include 'telemetry-metrics/vault/consul/get.mdx'
@include 'telemetry-metrics/vault/consul/list.mdx'
@include 'telemetry-metrics/vault/consul/put.mdx'
@include 'telemetry-metrics/vault/consul/transaction.mdx'
@include 'telemetry-metrics/vault/core/active.mdx'
@include 'telemetry-metrics/vault/core/activity/fragment_size.mdx'
@include 'telemetry-metrics/vault/core/activity/segment_write.mdx'
@include 'telemetry-metrics/vault/core/check_token.mdx'
@include 'telemetry-metrics/vault/core/fetch_acl_and_token.mdx'
@include 'telemetry-metrics/vault/core/handle_login_request.mdx'
@include 'telemetry-metrics/vault/core/handle_request.mdx'
@include 'telemetry-metrics/vault/core/in_flight_requests.mdx'
@include 'telemetry-metrics/vault/core/leadership_lost.mdx'
@include 'telemetry-metrics/vault/core/leadership_setup_failed.mdx'
@include 'telemetry-metrics/vault/core/license/expiration_time_epoch.mdx'
@include 'telemetry-metrics/vault/core/locked_users.mdx'
@include 'telemetry-metrics/vault/core/mount_table/num_entries.mdx'
@include 'telemetry-metrics/vault/core/mount_table/size.mdx'
@include 'telemetry-metrics/vault/core/performance_standby.mdx'
@include 'telemetry-metrics/vault/core/post_unseal.mdx'
@include 'telemetry-metrics/vault/core/pre_seal.mdx'
@include 'telemetry-metrics/vault/core/replication/dr/primary.mdx'
@include 'telemetry-metrics/vault/core/replication/dr/secondary.mdx'
@include 'telemetry-metrics/vault/core/replication/performance/primary.mdx'
@include 'telemetry-metrics/vault/core/replication/performance/secondary.mdx'
@include 'telemetry-metrics/vault/core/replication/write_undo_logs.mdx'
@include 'telemetry-metrics/vault/core/seal_internal.mdx'
@include 'telemetry-metrics/vault/core/seal_with_request.mdx'
@include 'telemetry-metrics/vault/core/step_down.mdx'
@include 'telemetry-metrics/vault/core/unseal.mdx'
@include 'telemetry-metrics/vault/core/unsealed.mdx'
@include 'telemetry-metrics/vault/couchdb/delete.mdx'
@include 'telemetry-metrics/vault/couchdb/get.mdx'
@include 'telemetry-metrics/vault/couchdb/list.mdx'
@include 'telemetry-metrics/vault/couchdb/put.mdx'
@include 'telemetry-metrics/vault/dynamodb/delete.mdx'
@include 'telemetry-metrics/vault/dynamodb/get.mdx'
@include 'telemetry-metrics/vault/dynamodb/list.mdx'
@include 'telemetry-metrics/vault/dynamodb/put.mdx'
@include 'telemetry-metrics/vault/etcd/delete.mdx'
@include 'telemetry-metrics/vault/etcd/get.mdx'
@include 'telemetry-metrics/vault/etcd/list.mdx'
@include 'telemetry-metrics/vault/etcd/put.mdx'
@include 'telemetry-metrics/vault/expire/fetch_lease_times_by_token.mdx'
@include 'telemetry-metrics/vault/expire/fetch_lease_times.mdx'
@include 'telemetry-metrics/vault/expire/job_manager/queue_length.mdx'
@include 'telemetry-metrics/vault/expire/job_manager/total_jobs.mdx'
@include 'telemetry-metrics/vault/expire/lease_expiration.mdx'
@include 'telemetry-metrics/vault/expire/lease_expiration/error.mdx'
@include 'telemetry-metrics/vault/expire/lease_expiration/time_in_queue.mdx'
@include 'telemetry-metrics/vault/expire/leases/by_expiration.mdx'
@include 'telemetry-metrics/vault/expire/num_irrevocable_leases.mdx'
@include 'telemetry-metrics/vault/expire/num_leases.mdx'
@include 'telemetry-metrics/vault/expire/register_auth.mdx'
@include 'telemetry-metrics/vault/expire/register.mdx'
@include 'telemetry-metrics/vault/expire/renew_token.mdx'
@include 'telemetry-metrics/vault/expire/renew.mdx'
@include 'telemetry-metrics/vault/expire/revoke_by_token.mdx'
@include 'telemetry-metrics/vault/expire/revoke_force.mdx'
@include 'telemetry-metrics/vault/expire/revoke_prefix.mdx'
@include 'telemetry-metrics/vault/expire/revoke.mdx'
@include 'telemetry-metrics/vault/gcs/delete.mdx'
@include 'telemetry-metrics/vault/gcs/get.mdx'
@include 'telemetry-metrics/vault/gcs/list.mdx'
@include 'telemetry-metrics/vault/gcs/lock/lock.mdx'
@include 'telemetry-metrics/vault/gcs/lock/unlock.mdx'
@include 'telemetry-metrics/vault/gcs/lock/value.mdx'
@include 'telemetry-metrics/vault/gcs/put.mdx'
@include 'telemetry-metrics/vault/ha/rpc/client/echo.mdx'
@include 'telemetry-metrics/vault/ha/rpc/client/echo/errors.mdx'
@include 'telemetry-metrics/vault/ha/rpc/client/forward.mdx'
@include 'telemetry-metrics/vault/ha/rpc/client/forward/errors.mdx'
@include 'telemetry-metrics/vault/identity/entity/active/monthly.mdx'
@include 'telemetry-metrics/vault/identity/entity/active/partial_month.mdx'
@include 'telemetry-metrics/vault/identity/entity/active/reporting_period.mdx'
@include 'telemetry-metrics/vault/identity/entity/alias/count.mdx'
@include 'telemetry-metrics/vault/identity/entity/count.mdx'
@include 'telemetry-metrics/vault/identity/entity/creation.mdx'
@include 'telemetry-metrics/vault/identity/num_entities.mdx'
@include 'telemetry-metrics/vault/identity/upsert_entity_txn.mdx'
@include 'telemetry-metrics/vault/identity/upsert_group_txn.mdx'
@include 'telemetry-metrics/vault/logshipper/buffer/length.mdx'
@include 'telemetry-metrics/vault/logshipper/buffer/max_length.mdx'
@include 'telemetry-metrics/vault/logshipper/buffer/max_size.mdx'
@include 'telemetry-metrics/vault/logshipper/buffer/size.mdx'
@include 'telemetry-metrics/vault/logshipper/streamwals/guard_found.mdx'
@include 'telemetry-metrics/vault/logshipper/streamwals/missing_guard.mdx'
@include 'telemetry-metrics/vault/logshipper/streamwals/scanned_entries.mdx'
@include 'telemetry-metrics/vault/merkle/flushdirty.mdx'
@include 'telemetry-metrics/vault/merkle/flushdirty/num_pages.mdx'
@include 'telemetry-metrics/vault/merkle/flushdirty/outstanding_pages.mdx'
@include 'telemetry-metrics/vault/merkle/savecheckpoint.mdx'
@include 'telemetry-metrics/vault/merkle/savecheckpoint/num_dirty.mdx'
@include 'telemetry-metrics/vault/metrics/collection.mdx'
@include 'telemetry-metrics/vault/metrics/collection/error.mdx'
@include 'telemetry-metrics/vault/metrics/collection/interval.mdx'
@include 'telemetry-metrics/vault/mssql/delete.mdx'
@include 'telemetry-metrics/vault/mssql/get.mdx'
@include 'telemetry-metrics/vault/mssql/list.mdx'
@include 'telemetry-metrics/vault/mssql/put.mdx'
@include 'telemetry-metrics/vault/mysql/delete.mdx'
@include 'telemetry-metrics/vault/mysql/get.mdx'
@include 'telemetry-metrics/vault/mysql/list.mdx'
@include 'telemetry-metrics/vault/mysql/put.mdx'
@include 'telemetry-metrics/vault/policy/delete_policy.mdx'
@include 'telemetry-metrics/vault/policy/get_policy.mdx'
@include 'telemetry-metrics/vault/policy/list_policies.mdx'
@include 'telemetry-metrics/vault/policy/set_policy.mdx'
@include 'telemetry-metrics/vault/postgres/delete.mdx'
@include 'telemetry-metrics/vault/postgres/get.mdx'
@include 'telemetry-metrics/vault/postgres/list.mdx'
@include 'telemetry-metrics/vault/postgres/put.mdx'
@include 'telemetry-metrics/vault/quota/lease_count/counter.mdx'
@include 'telemetry-metrics/vault/quota/lease_count/max.mdx'
@include 'telemetry-metrics/vault/quota/lease_count/violation.mdx'
@include 'telemetry-metrics/vault/quota/rate_limit/violation.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/cursor/count.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/freelist/allocated_bytes.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/freelist/free_pages.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/freelist/pending_pages.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/freelist/used_bytes.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/node/count.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/node/dereferences.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/page/bytes_allocated.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/page/count.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/rebalance/count.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/rebalance/time.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/spill/count.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/spill/time.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/split/count.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/transaction/currently_open_read_transactions.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/transaction/started_read_transactions.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/write/count.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/write/time.mdx'
@include 'telemetry-metrics/vault/raft_storage/follower/applied_index_delta.mdx'
@include 'telemetry-metrics/vault/raft_storage/follower/last_heartbeat_ms.mdx'
@include 'telemetry-metrics/vault/raft_storage/stats/applied_index.mdx'
@include 'telemetry-metrics/vault/raft_storage/stats/commit_index.mdx'
@include 'telemetry-metrics/vault/raft_storage/stats/fsm_pending.mdx'
@include 'telemetry-metrics/vault/raft-storage/delete.mdx'
@include 'telemetry-metrics/vault/raft-storage/entry_size.mdx'
@include 'telemetry-metrics/vault/raft-storage/get.mdx'
@include 'telemetry-metrics/vault/raft-storage/list.mdx'
@include 'telemetry-metrics/vault/raft-storage/put.mdx'
@include 'telemetry-metrics/vault/raft-storage/transaction.mdx'
@include 'telemetry-metrics/vault/raft/apply.mdx'
@include 'telemetry-metrics/vault/raft/barrier.mdx'
@include 'telemetry-metrics/vault/raft/candidate/electself.mdx'
@include 'telemetry-metrics/vault/raft/commitnumlogs.mdx'
@include 'telemetry-metrics/vault/raft/committime.mdx'
@include 'telemetry-metrics/vault/raft/compactlogs.mdx'
@include 'telemetry-metrics/vault/raft/fsm/apply.mdx'
@include 'telemetry-metrics/vault/raft/fsm/applybatch.mdx'
@include 'telemetry-metrics/vault/raft/fsm/applybatchnum.mdx'
@include 'telemetry-metrics/vault/raft/fsm/enqueue.mdx'
@include 'telemetry-metrics/vault/raft/fsm/restore.mdx'
@include 'telemetry-metrics/vault/raft/fsm/snapshot.mdx'
@include 'telemetry-metrics/vault/raft/fsm/store_config.mdx'
@include 'telemetry-metrics/vault/raft/get.mdx'
@include 'telemetry-metrics/vault/raft/leader/dispatchlog.mdx'
@include 'telemetry-metrics/vault/raft/leader/dispatchnumlogs.mdx'
@include 'telemetry-metrics/vault/raft/leader/lastcontact.mdx'
@include 'telemetry-metrics/vault/raft/list.mdx'
@include 'telemetry-metrics/vault/raft/peers.mdx'
@include 'telemetry-metrics/vault/raft/replication/appendentries/log.mdx'
@include 'telemetry-metrics/vault/raft/replication/appendentries/rpc.mdx'
@include 'telemetry-metrics/vault/raft/replication/heartbeat.mdx'
@include 'telemetry-metrics/vault/raft/replication/installsnapshot.mdx'
@include 'telemetry-metrics/vault/raft/restore.mdx'
@include 'telemetry-metrics/vault/raft/restoreusersnapshot.mdx'
@include 'telemetry-metrics/vault/raft/rpc/appendentries.mdx'
@include 'telemetry-metrics/vault/raft/rpc/appendentries/processlogs.mdx'
@include 'telemetry-metrics/vault/raft/rpc/appendentries/storelogs.mdx'
@include 'telemetry-metrics/vault/raft/rpc/installsnapshot.mdx'
@include 'telemetry-metrics/vault/raft/rpc/processheartbeat.mdx'
@include 'telemetry-metrics/vault/raft/rpc/requestvote.mdx'
@include 'telemetry-metrics/vault/raft/snapshot/create.mdx'
@include 'telemetry-metrics/vault/raft/snapshot/persist.mdx'
@include 'telemetry-metrics/vault/raft/snapshot/takesnapshot.mdx'
@include 'telemetry-metrics/vault/raft/state/candidate.mdx'
@include 'telemetry-metrics/vault/raft/state/follower.mdx'
@include 'telemetry-metrics/vault/raft/state/leader.mdx'
@include 'telemetry-metrics/vault/raft/transition/heartbeat_timeout.mdx'
@include 'telemetry-metrics/vault/raft/transition/leader_lease_timeout.mdx'
@include 'telemetry-metrics/vault/raft/verify_leader.mdx'
@include 'telemetry-metrics/vault/replication/fetchremotekeys.mdx'
@include 'telemetry-metrics/vault/replication/fsm/last_remote_wal.mdx'
@include 'telemetry-metrics/vault/replication/merkle/commit_index.mdx'
@include 'telemetry-metrics/vault/replication/merklediff.mdx'
@include 'telemetry-metrics/vault/replication/merklesync.mdx'
@include 'telemetry-metrics/vault/replication/rpc/client/conflicting_pages.mdx'
@include 'telemetry-metrics/vault/replication/rpc/client/create_token_register_auth_lease.mdx'
@include 'telemetry-metrics/vault/replication/rpc/client/fetch_keys.mdx'
@include 'telemetry-metrics/vault/replication/rpc/client/forward.mdx'
@include 'telemetry-metrics/vault/replication/rpc/client/guard_hash.mdx'
@include 'telemetry-metrics/vault/replication/rpc/client/persist_alias.mdx'
@include 'telemetry-metrics/vault/replication/rpc/client/register_auth.mdx'
@include 'telemetry-metrics/vault/replication/rpc/client/register_lease.mdx'
@include 'telemetry-metrics/vault/replication/rpc/client/save_mfa_response_auth.mdx'
@include 'telemetry-metrics/vault/replication/rpc/client/stream_wals.mdx'
@include 'telemetry-metrics/vault/replication/rpc/client/sub_page_hashes.mdx'
@include 'telemetry-metrics/vault/replication/rpc/client/sync_counter.mdx'
@include 'telemetry-metrics/vault/replication/rpc/client/upsert_group.mdx'
@include 'telemetry-metrics/vault/replication/rpc/client/wrap_in_cubbyhole.mdx'
@include 'telemetry-metrics/vault/replication/rpc/dr/server/echo.mdx'
@include 'telemetry-metrics/vault/replication/rpc/dr/server/fetch_keys_request.mdx'
@include 'telemetry-metrics/vault/replication/rpc/server/auth_request.mdx'
@include 'telemetry-metrics/vault/replication/rpc/server/bootstrap_request.mdx'
@include 'telemetry-metrics/vault/replication/rpc/server/conflicting_pages_request.mdx'
@include 'telemetry-metrics/vault/replication/rpc/server/echo.mdx'
@include 'telemetry-metrics/vault/replication/rpc/server/forwarding_request.mdx'
@include 'telemetry-metrics/vault/replication/rpc/server/guard_hash_request.mdx'
@include 'telemetry-metrics/vault/replication/rpc/server/persist_alias_request.mdx'
@include 'telemetry-metrics/vault/replication/rpc/server/persist_persona_request.mdx'
@include 'telemetry-metrics/vault/replication/rpc/server/save_mfa_response_auth.mdx'
@include 'telemetry-metrics/vault/replication/rpc/server/stream_wals_request.mdx'
@include 'telemetry-metrics/vault/replication/rpc/server/sub_page_hashes_request.mdx'
@include 'telemetry-metrics/vault/replication/rpc/server/sync_counter_request.mdx'
@include 'telemetry-metrics/vault/replication/rpc/server/upsert_group_request.mdx'
@include 'telemetry-metrics/vault/replication/rpc/standby/server/create_token_register_auth_lease_request.mdx'
@include 'telemetry-metrics/vault/replication/rpc/standby/server/echo.mdx'
@include 'telemetry-metrics/vault/replication/rpc/standby/server/register_auth_request.mdx'
@include 'telemetry-metrics/vault/replication/rpc/standby/server/register_lease_request.mdx'
@include 'telemetry-metrics/vault/replication/rpc/standby/server/wrap_token_request.mdx'
@include 'telemetry-metrics/vault/replication/wal/gc.mdx'
@include 'telemetry-metrics/vault/replication/wal/last_dr_wal.mdx'
@include 'telemetry-metrics/vault/replication/wal/last_performance_wal.mdx'
@include 'telemetry-metrics/vault/replication/wal/last_wal.mdx'
@include 'telemetry-metrics/vault/rollback/attempt/mountpoint.mdx'
@include 'telemetry-metrics/vault/route/create/mountpoint.mdx'
@include 'telemetry-metrics/vault/route/delete/mountpoint.mdx'
@include 'telemetry-metrics/vault/route/list/mountpoint.mdx'
@include 'telemetry-metrics/vault/route/read/mountpoint.mdx'
@include 'telemetry-metrics/vault/route/rollback/mountpoint.mdx'
@include 'telemetry-metrics/vault/runtime/alloc_bytes.mdx'
@include 'telemetry-metrics/vault/runtime/free_count.mdx'
@include 'telemetry-metrics/vault/runtime/gc_pause_ns.mdx'
@include 'telemetry-metrics/vault/runtime/heap_objects.mdx'
@include 'telemetry-metrics/vault/runtime/malloc_count.mdx'
@include 'telemetry-metrics/vault/runtime/num_goroutines.mdx'
@include 'telemetry-metrics/vault/runtime/sys_bytes.mdx'
@include 'telemetry-metrics/vault/runtime/total_gc_pause_ns.mdx'
@include 'telemetry-metrics/vault/runtime/total_gc_runs.mdx'
@include 'telemetry-metrics/vault/s3/delete.mdx'
@include 'telemetry-metrics/vault/s3/get.mdx'
@include 'telemetry-metrics/vault/s3/list.mdx'
@include 'telemetry-metrics/vault/s3/put.mdx'
@include 'telemetry-metrics/vault/secret/kv/count.mdx'
@include 'telemetry-metrics/vault/secret/lease/creation.mdx'
@include 'telemetry-metrics/vault/spanner/delete.mdx'
@include 'telemetry-metrics/vault/spanner/get.mdx'
@include 'telemetry-metrics/vault/spanner/list.mdx'
@include 'telemetry-metrics/vault/spanner/lock/lock.mdx'
@include 'telemetry-metrics/vault/spanner/lock/unlock.mdx'
@include 'telemetry-metrics/vault/spanner/lock/value.mdx'
@include 'telemetry-metrics/vault/spanner/put.mdx'
@include 'telemetry-metrics/vault/swift/delete.mdx'
@include 'telemetry-metrics/vault/swift/get.mdx'
@include 'telemetry-metrics/vault/swift/list.mdx'
@include 'telemetry-metrics/vault/swift/put.mdx'
@include 'telemetry-metrics/vault/token/count.mdx'
@include 'telemetry-metrics/vault/token/count/by_auth.mdx'
@include 'telemetry-metrics/vault/token/count/by_policy.mdx'
@include 'telemetry-metrics/vault/token/count/by_ttl.mdx'
@include 'telemetry-metrics/vault/token/create_root.mdx'
@include 'telemetry-metrics/vault/token/create.mdx'
@include 'telemetry-metrics/vault/token/createaccessor.mdx'
@include 'telemetry-metrics/vault/token/creation.mdx'
@include 'telemetry-metrics/vault/token/lookup.mdx'
@include 'telemetry-metrics/vault/token/revoke_tree.mdx'
@include 'telemetry-metrics/vault/token/revoke.mdx'
@include 'telemetry-metrics/vault/token/store.mdx'
@include 'telemetry-metrics/vault/wal/deletewals.mdx'
@include 'telemetry-metrics/vault/wal/flushready.mdx'
@include 'telemetry-metrics/vault/wal/flushready/queue_len.mdx'
@include 'telemetry-metrics/vault/wal/gc/deleted.mdx'
@include 'telemetry-metrics/vault/wal/gc/total.mdx'
@include 'telemetry-metrics/vault/wal/loadwal.mdx'
@include 'telemetry-metrics/vault/wal/persistwals.mdx'
@include 'telemetry-metrics/vault/zookeeper/delete.mdx'
@include 'telemetry-metrics/vault/zookeeper/get.mdx'
@include 'telemetry-metrics/vault/zookeeper/list.mdx'
@include 'telemetry-metrics/vault/zookeeper/put.mdx'

29
website/content/docs/internals/telemetry/metrics/audit.mdx Normal file
View File

@@ -0,0 +1,29 @@
---
layout: docs
page_title: "Telemetry reference: Audit metrics"
description: >-
Technical reference for audit log telemetry values.
---
# Audit log telemetry
Audit log telemetry provides information on the health of your configured audit
devices.
## Default metrics
@include 'telemetry-metrics/vault/audit/log_request_failure.mdx'
@include 'telemetry-metrics/vault/audit/log_request.mdx'
@include 'telemetry-metrics/vault/audit/log_response_failure.mdx'
@include 'telemetry-metrics/vault/audit/log_response.mdx'
## Audit device metrics
@include 'telemetry-metrics/device-intro.mdx'
@include 'telemetry-metrics/vault/audit/device/log_request.mdx'
@include 'telemetry-metrics/vault/audit/device/log_response.mdx'

95
website/content/docs/internals/telemetry/metrics/authn.mdx Normal file
View File

@@ -0,0 +1,95 @@
---
layout: docs
page_title: "Telemetry reference: Authentication metrics"
description: >-
Technical reference for authentication related telemetry values.
---
# Authentication telemetry
Authentication telemetry provides information on authentication-related
objects and operations.
## Identity metrics
@include 'telemetry-metrics/vault/identity/entity/active/monthly.mdx'
@include 'telemetry-metrics/vault/identity/entity/active/partial_month.mdx'
@include 'telemetry-metrics/vault/identity/entity/active/reporting_period.mdx'
@include 'telemetry-metrics/vault/identity/entity/alias/count.mdx'
@include 'telemetry-metrics/vault/identity/entity/count.mdx'
@include 'telemetry-metrics/vault/identity/entity/creation.mdx'
@include 'telemetry-metrics/vault/identity/num_entities.mdx'
@include 'telemetry-metrics/vault/identity/upsert_entity_txn.mdx'
@include 'telemetry-metrics/vault/identity/upsert_group_txn.mdx'
## Lease metrics
@include 'telemetry-metrics/vault/expire/fetch_lease_times_by_token.mdx'
@include 'telemetry-metrics/vault/expire/fetch_lease_times.mdx'
@include 'telemetry-metrics/vault/expire/job_manager/queue_length.mdx'
@include 'telemetry-metrics/vault/expire/job_manager/total_jobs.mdx'
@include 'telemetry-metrics/vault/expire/lease_expiration.mdx'
@include 'telemetry-metrics/vault/expire/lease_expiration/error.mdx'
@include 'telemetry-metrics/vault/expire/lease_expiration/time_in_queue.mdx'
@include 'telemetry-metrics/vault/expire/leases/by_expiration.mdx'
@include 'telemetry-metrics/vault/expire/num_irrevocable_leases.mdx'
@include 'telemetry-metrics/vault/expire/num_leases.mdx'
@include 'telemetry-metrics/vault/expire/register_auth.mdx'
@include 'telemetry-metrics/vault/expire/register.mdx'
@include 'telemetry-metrics/vault/expire/renew_token.mdx'
@include 'telemetry-metrics/vault/expire/renew.mdx'
@include 'telemetry-metrics/vault/expire/revoke_by_token.mdx'
@include 'telemetry-metrics/vault/expire/revoke_force.mdx'
@include 'telemetry-metrics/vault/expire/revoke_prefix.mdx'
@include 'telemetry-metrics/vault/expire/revoke.mdx'
## Token metrics
@include 'telemetry-metrics/vault/token/count.mdx'
@include 'telemetry-metrics/vault/token/count/by_auth.mdx'
@include 'telemetry-metrics/vault/token/count/by_policy.mdx'
@include 'telemetry-metrics/vault/token/count/by_ttl.mdx'
@include 'telemetry-metrics/vault/token/create_root.mdx'
@include 'telemetry-metrics/vault/token/create.mdx'
@include 'telemetry-metrics/vault/token/createaccessor.mdx'
@include 'telemetry-metrics/vault/token/creation.mdx'
@include 'telemetry-metrics/vault/token/lookup.mdx'
@include 'telemetry-metrics/vault/token/revoke_tree.mdx'
@include 'telemetry-metrics/vault/token/revoke.mdx'
@include 'telemetry-metrics/vault/token/store.mdx'

30
website/content/docs/internals/telemetry/metrics/autosnap.mdx Normal file
View File

@@ -0,0 +1,30 @@
---
layout: docs
page_title: "Telemetry reference: Automated snapshot metrics"
description: >-
Technical reference for automated Raft snapshot telemetry values.
---
# Automated snapshots telemetry
<EnterpriseAlert product="vault" />
Automated snapshot telemetry provides information on automatically scheduled snapshot activity for the
[Raft storage snapshot](/vault/docs/enterprise/automated-integrated-storage-snapshots)
feature.
## Default metrics
@include 'telemetry-metrics/vault/autosnapshots/last/success/time.mdx'
@include 'telemetry-metrics/vault/autosnapshots/percent/maxspace/used.mdx'
@include 'telemetry-metrics/vault/autosnapshots/rotate/duration.mdx'
@include 'telemetry-metrics/vault/autosnapshots/save/duration.mdx'
@include 'telemetry-metrics/vault/autosnapshots/save/errors.mdx'
@include 'telemetry-metrics/vault/autosnapshots/snapshot/size.mdx'
@include 'telemetry-metrics/vault/autosnapshots/total/snapshot/size.mdx'

156
website/content/docs/internals/telemetry/metrics/availability.mdx Normal file
View File

@@ -0,0 +1,156 @@
---
layout: docs
page_title: "Telemetry reference: Availability"
description: >-
Technical reference for availability related telemetry values.
---
# Availability telemetry
Availability telemetry provides information about standby and active nodes in
your Vault instance. Enterprise installations also include
[replication](/vault/docs/enterprise/replication) metrics.
## Default metrics
@include 'telemetry-metrics/vault/ha/rpc/client/echo.mdx'
@include 'telemetry-metrics/vault/ha/rpc/client/echo/errors.mdx'
@include 'telemetry-metrics/vault/ha/rpc/client/forward.mdx'
@include 'telemetry-metrics/vault/ha/rpc/client/forward/errors.mdx'
## Merkle tree metrics
@include 'telemetry-metrics/vault/merkle/flushdirty.mdx'
@include 'telemetry-metrics/vault/merkle/flushdirty/num_pages.mdx'
@include 'telemetry-metrics/vault/merkle/flushdirty/outstanding_pages.mdx'
@include 'telemetry-metrics/vault/merkle/savecheckpoint.mdx'
@include 'telemetry-metrics/vault/merkle/savecheckpoint/num_dirty.mdx'
## Write-ahead log (WAL) telemetry
@include 'telemetry-metrics/vault/wal/deletewals.mdx'
@include 'telemetry-metrics/vault/wal/flushready.mdx'
@include 'telemetry-metrics/vault/wal/flushready/queue_len.mdx'
@include 'telemetry-metrics/vault/wal/gc/deleted.mdx'
@include 'telemetry-metrics/vault/wal/gc/total.mdx'
@include 'telemetry-metrics/vault/wal/loadwal.mdx'
@include 'telemetry-metrics/vault/wal/persistwals.mdx'
## Log shipping metrics
@include 'telemetry-metrics/vault/logshipper/buffer/length.mdx'
@include 'telemetry-metrics/vault/logshipper/buffer/max_length.mdx'
@include 'telemetry-metrics/vault/logshipper/buffer/max_size.mdx'
@include 'telemetry-metrics/vault/logshipper/buffer/size.mdx'
@include 'telemetry-metrics/vault/logshipper/streamwals/guard_found.mdx'
@include 'telemetry-metrics/vault/logshipper/streamwals/missing_guard.mdx'
@include 'telemetry-metrics/vault/logshipper/streamwals/scanned_entries.mdx'
## Replication metrics <EnterpriseAlert product="vault" inline />
@include 'telemetry-metrics/replication-note.mdx'
@include 'telemetry-metrics/vault/replication/fetchremotekeys.mdx'
@include 'telemetry-metrics/vault/replication/fsm/last_remote_wal.mdx'
@include 'telemetry-metrics/vault/replication/merkle/commit_index.mdx'
@include 'telemetry-metrics/vault/replication/merklediff.mdx'
@include 'telemetry-metrics/vault/replication/merklesync.mdx'
@include 'telemetry-metrics/vault/replication/rpc/client/conflicting_pages.mdx'
@include 'telemetry-metrics/vault/replication/rpc/client/create_token_register_auth_lease.mdx'
@include 'telemetry-metrics/vault/replication/rpc/client/fetch_keys.mdx'
@include 'telemetry-metrics/vault/replication/rpc/client/forward.mdx'
@include 'telemetry-metrics/vault/replication/rpc/client/guard_hash.mdx'
@include 'telemetry-metrics/vault/replication/rpc/client/persist_alias.mdx'
@include 'telemetry-metrics/vault/replication/rpc/client/register_auth.mdx'
@include 'telemetry-metrics/vault/replication/rpc/client/register_lease.mdx'
@include 'telemetry-metrics/vault/replication/rpc/client/save_mfa_response_auth.mdx'
@include 'telemetry-metrics/vault/replication/rpc/client/stream_wals.mdx'
@include 'telemetry-metrics/vault/replication/rpc/client/sub_page_hashes.mdx'
@include 'telemetry-metrics/vault/replication/rpc/client/sync_counter.mdx'
@include 'telemetry-metrics/vault/replication/rpc/client/upsert_group.mdx'
@include 'telemetry-metrics/vault/replication/rpc/client/wrap_in_cubbyhole.mdx'
@include 'telemetry-metrics/vault/replication/rpc/dr/server/echo.mdx'
@include 'telemetry-metrics/vault/replication/rpc/dr/server/fetch_keys_request.mdx'
@include 'telemetry-metrics/vault/replication/rpc/server/auth_request.mdx'
@include 'telemetry-metrics/vault/replication/rpc/server/bootstrap_request.mdx'
@include 'telemetry-metrics/vault/replication/rpc/server/conflicting_pages_request.mdx'
@include 'telemetry-metrics/vault/replication/rpc/server/echo.mdx'
@include 'telemetry-metrics/vault/replication/rpc/server/forwarding_request.mdx'
@include 'telemetry-metrics/vault/replication/rpc/server/guard_hash_request.mdx'
@include 'telemetry-metrics/vault/replication/rpc/server/persist_alias_request.mdx'
@include 'telemetry-metrics/vault/replication/rpc/server/persist_persona_request.mdx'
@include 'telemetry-metrics/vault/replication/rpc/server/save_mfa_response_auth.mdx'
@include 'telemetry-metrics/vault/replication/rpc/server/stream_wals_request.mdx'
@include 'telemetry-metrics/vault/replication/rpc/server/sub_page_hashes_request.mdx'
@include 'telemetry-metrics/vault/replication/rpc/server/sync_counter_request.mdx'
@include 'telemetry-metrics/vault/replication/rpc/server/upsert_group_request.mdx'
@include 'telemetry-metrics/vault/replication/rpc/standby/server/create_token_register_auth_lease_request.mdx'
@include 'telemetry-metrics/vault/replication/rpc/standby/server/echo.mdx'
@include 'telemetry-metrics/vault/replication/rpc/standby/server/register_auth_request.mdx'
@include 'telemetry-metrics/vault/replication/rpc/standby/server/register_lease_request.mdx'
@include 'telemetry-metrics/vault/replication/rpc/standby/server/wrap_token_request.mdx'
@include 'telemetry-metrics/vault/replication/wal/gc.mdx'
@include 'telemetry-metrics/vault/replication/wal/last_dr_wal.mdx'
@include 'telemetry-metrics/vault/replication/wal/last_performance_wal.mdx'
@include 'telemetry-metrics/vault/replication/wal/last_wal.mdx'

149
website/content/docs/internals/telemetry/metrics/core-system.mdx Normal file
View File

@@ -0,0 +1,149 @@
---
layout: docs
page_title: "Telemetry reference: Core system metrics"
description: >-
Technical reference for core system telemetry values.
---
# Core system telemetry
Core system telemetry provides information about the operational health of your
Vault instance.
## Default metrics
@include 'telemetry-metrics/vault/core/active.mdx'
@include 'telemetry-metrics/vault/core/activity/fragment_size.mdx'
@include 'telemetry-metrics/vault/core/activity/segment_write.mdx'
@include 'telemetry-metrics/vault/core/check_token.mdx'
@include 'telemetry-metrics/vault/core/fetch_acl_and_token.mdx'
@include 'telemetry-metrics/vault/core/handle_login_request.mdx'
@include 'telemetry-metrics/vault/core/handle_request.mdx'
@include 'telemetry-metrics/vault/core/in_flight_requests.mdx'
@include 'telemetry-metrics/vault/core/leadership_lost.mdx'
@include 'telemetry-metrics/vault/core/leadership_setup_failed.mdx'
@include 'telemetry-metrics/vault/core/license/expiration_time_epoch.mdx'
@include 'telemetry-metrics/vault/core/locked_users.mdx'
@include 'telemetry-metrics/vault/core/mount_table/num_entries.mdx'
@include 'telemetry-metrics/vault/core/mount_table/size.mdx'
@include 'telemetry-metrics/vault/core/performance_standby.mdx'
@include 'telemetry-metrics/vault/core/post_unseal.mdx'
@include 'telemetry-metrics/vault/core/pre_seal.mdx'
@include 'telemetry-metrics/vault/core/replication/dr/primary.mdx'
@include 'telemetry-metrics/vault/core/replication/dr/secondary.mdx'
@include 'telemetry-metrics/vault/core/replication/performance/primary.mdx'
@include 'telemetry-metrics/vault/core/replication/performance/secondary.mdx'
@include 'telemetry-metrics/vault/core/replication/write_undo_logs.mdx'
@include 'telemetry-metrics/vault/core/seal_internal.mdx'
@include 'telemetry-metrics/vault/core/seal_with_request.mdx'
@include 'telemetry-metrics/vault/core/step_down.mdx'
@include 'telemetry-metrics/vault/core/unseal.mdx'
@include 'telemetry-metrics/vault/core/unsealed.mdx'
## Barrier metrics
@include 'telemetry-metrics/vault/barrier/delete.mdx'
@include 'telemetry-metrics/vault/barrier/get.mdx'
@include 'telemetry-metrics/vault/barrier/list.mdx'
@include 'telemetry-metrics/vault/barrier/put.mdx'
## Caching metrics
@include 'telemetry-metrics/vault/cache/delete.mdx'
@include 'telemetry-metrics/vault/cache/hit.mdx'
@include 'telemetry-metrics/vault/cache/miss.mdx'
@include 'telemetry-metrics/vault/cache/write.mdx'
## Metric collection metrics
@include 'telemetry-metrics/vault/metrics/collection.mdx'
@include 'telemetry-metrics/vault/metrics/collection/error.mdx'
@include 'telemetry-metrics/vault/metrics/collection/interval.mdx'
## Quota metrics
@include 'telemetry-metrics/quota-intro.mdx'
@include 'telemetry-metrics/vault/quota/lease_count/counter.mdx'
@include 'telemetry-metrics/vault/quota/lease_count/max.mdx'
@include 'telemetry-metrics/vault/quota/lease_count/violation.mdx'
@include 'telemetry-metrics/vault/quota/rate_limit/violation.mdx'
## Rollback metrics
@include 'telemetry-metrics/rollback-intro.mdx'
@include 'telemetry-metrics/vault/rollback/attempt/mountpoint.mdx'
## Route metrics
@include 'telemetry-metrics/route-intro.mdx'
@include 'telemetry-metrics/vault/route/create/mountpoint.mdx'
@include 'telemetry-metrics/vault/route/delete/mountpoint.mdx'
@include 'telemetry-metrics/vault/route/list/mountpoint.mdx'
@include 'telemetry-metrics/vault/route/read/mountpoint.mdx'
@include 'telemetry-metrics/vault/route/rollback/mountpoint.mdx'
## Runtime metrics
@include 'telemetry-metrics/runtime-note.mdx'
@include 'telemetry-metrics/vault/runtime/alloc_bytes.mdx'
@include 'telemetry-metrics/vault/runtime/free_count.mdx'
@include 'telemetry-metrics/vault/runtime/gc_pause_ns.mdx'
@include 'telemetry-metrics/vault/runtime/heap_objects.mdx'
@include 'telemetry-metrics/vault/runtime/malloc_count.mdx'
@include 'telemetry-metrics/vault/runtime/num_goroutines.mdx'
@include 'telemetry-metrics/vault/runtime/sys_bytes.mdx'
@include 'telemetry-metrics/vault/runtime/total_gc_pause_ns.mdx'
@include 'telemetry-metrics/vault/runtime/total_gc_runs.mdx'

145
website/content/docs/internals/telemetry/metrics/database.mdx Normal file
View File

@@ -0,0 +1,145 @@
---
layout: docs
page_title: "Telemetry reference: Database metrics"
description: >-
Technical reference for database telemetry values.
---
# Database telemetry
Database telemetry provides general information about configured secrets engines
and databases.
## Secrets database metrics
@include 'telemetry-metrics/secretsdb-intro.mdx'
@include 'telemetry-metrics/database/close.mdx'
@include 'telemetry-metrics/database/close/error.mdx'
@include 'telemetry-metrics/database/createuser.mdx'
@include 'telemetry-metrics/database/createuser/error.mdx'
@include 'telemetry-metrics/database/initialize.mdx'
@include 'telemetry-metrics/database/initialize/error.mdx'
@include 'telemetry-metrics/database/name/close.mdx'
@include 'telemetry-metrics/database/name/close/error.mdx'
@include 'telemetry-metrics/database/name/createuser.mdx'
@include 'telemetry-metrics/database/name/createuser/error.mdx'
@include 'telemetry-metrics/database/name/initialize.mdx'
@include 'telemetry-metrics/database/name/initialize/error.mdx'
@include 'telemetry-metrics/database/name/renewuser.mdx'
@include 'telemetry-metrics/database/name/renewuser/error.mdx'
@include 'telemetry-metrics/database/name/revokeuser.mdx'
@include 'telemetry-metrics/database/name/revokeuser/error.mdx'
@include 'telemetry-metrics/database/renewuser.mdx'
@include 'telemetry-metrics/database/renewuser/error.mdx'
@include 'telemetry-metrics/database/revokeuser.mdx'
@include 'telemetry-metrics/database/revokeuser/error.mdx'
## Cockroach database
Metrics related to your Cockroach database **storage backend**.
@include 'telemetry-metrics/vault/cockroachdb/delete.mdx'
@include 'telemetry-metrics/vault/cockroachdb/get.mdx'
@include 'telemetry-metrics/vault/cockroachdb/list.mdx'
@include 'telemetry-metrics/vault/cockroachdb/put.mdx'
## Couch database
Metrics related to your Couch database **storage backend**.
@include 'telemetry-metrics/vault/couchdb/delete.mdx'
@include 'telemetry-metrics/vault/couchdb/get.mdx'
@include 'telemetry-metrics/vault/couchdb/list.mdx'
@include 'telemetry-metrics/vault/couchdb/put.mdx'
## Dynamo database
Metrics related to your Dynamo database **storage backend**.
@include 'telemetry-metrics/vault/dynamodb/delete.mdx'
@include 'telemetry-metrics/vault/dynamodb/get.mdx'
@include 'telemetry-metrics/vault/dynamodb/list.mdx'
@include 'telemetry-metrics/vault/dynamodb/put.mdx'
## Google Cloud - Spanner
Metrics related to your Spanner **storage backend**.
@include 'telemetry-metrics/vault/spanner/delete.mdx'
@include 'telemetry-metrics/vault/spanner/get.mdx'
@include 'telemetry-metrics/vault/spanner/list.mdx'
@include 'telemetry-metrics/vault/spanner/lock/lock.mdx'
@include 'telemetry-metrics/vault/spanner/lock/unlock.mdx'
@include 'telemetry-metrics/vault/spanner/lock/value.mdx'
@include 'telemetry-metrics/vault/spanner/put.mdx'
## Microsoft SQL Server (MSSQL)
Metrics related to your SQL Server **storage backend**.
@include 'telemetry-metrics/vault/mssql/delete.mdx'
@include 'telemetry-metrics/vault/mssql/get.mdx'
@include 'telemetry-metrics/vault/mssql/list.mdx'
@include 'telemetry-metrics/vault/mssql/put.mdx'
## MySQL
Metrics related to your MySQL **storage backend**.
@include 'telemetry-metrics/vault/mysql/delete.mdx'
@include 'telemetry-metrics/vault/mysql/get.mdx'
@include 'telemetry-metrics/vault/mysql/list.mdx'
@include 'telemetry-metrics/vault/mysql/put.mdx'
## PostgreSQL
Metrics related to your PostgreSQL **storage backend**.
@include 'telemetry-metrics/vault/postgres/delete.mdx'
@include 'telemetry-metrics/vault/postgres/get.mdx'
@include 'telemetry-metrics/vault/postgres/list.mdx'
@include 'telemetry-metrics/vault/postgres/put.mdx'

51
website/content/docs/internals/telemetry/metrics/index.mdx Normal file
View File

@@ -0,0 +1,51 @@
---
layout: docs
page_title: Metrics reference overview
description: |-
Learn about how telemetry metrics are structured in Vault
---
# Telemetry metrics overview
## Metric types
Vault provides three types of telemetry metrics:
- **Counter metrics** increment when an event occurs. Counters are cumulative
and reset at the end of reporting intervals.
- **Gauge metrics** provide measurements of current values.
- **Summary metrics** provide observational values. Vault commonly uses
summaries to measure the time required to for a discrete event to complete.
High-cardinality gauges, like `vault.kv.secret.count`, update at the interval
configured with `usage_gauge_period` in the `telemetry` stanza. The default
reporting interval for gauge metrics is 10 minutes.
## Metric labels
Some telemetry metrics come with additional metadata that provides context for
the measurement. For example, a token metric might include the namespace it
belongs to or the authentication method used to create it.
Metric metadata is labeled and incorporated into the metric name for the
in-memory telemetry and any other telemetry engine that does not support custom
labels.
The metric name in the table below is followed by a list of labels supported,
in the order in which they appear, if flattened.
| Label | Example | Description
| ---------------------- | ----------------------- | ---------------------------
| `auth_method` | `userpass` | Authorization engine type
| `cluster` | `vault-cluster-d54ad07` | Name of the cluster where the metric originated
| `creation_ttl` | `7d` | Time-to-live assigned at creation, rounded up to the next-highest bucket: `1m`, `10m`, `20m`, `1h`, `2h`, `1d`, `2d`, `7d`, `30d`, or `+Inf`
| `mount_point` | `auth/userpass/` | Path at which an authentication method or secret engine is mounted
| `name` | `TBD` | Name of the object being aggregated (for example, a quota or quota rule)
| `namespace` | `ns1` | A namespace path or `root` for the root namespace
| `policy` | `default` | Name of the associated policy
| `secret_engine` | `aws` | Secrets engine type
| `token_type` | `service` | Type of the associated token: `batch` or `service`
| `peer_id` | `node-1` | Unique identifier of a raft peer node
| `node_id` | `node-42` | Unique identifier of a raft peer node (duplicates `peer_id`)
| `snapshot_config_name` | `config1` | Name of the configuration used for automated snapshots

21
website/content/docs/internals/telemetry/metrics/policy.mdx Normal file
View File

@@ -0,0 +1,21 @@
---
layout: docs
page_title: "Telemetry reference: Policy metrics"
description: >-
Technical reference for policy related telemetry values.
---
# Policy telemetry
Policy telemetry provides information on the time Vault spends on policy
operations.
## Default metrics
@include 'telemetry-metrics/vault/policy/delete_policy.mdx'
@include 'telemetry-metrics/vault/policy/get_policy.mdx'
@include 'telemetry-metrics/vault/policy/list_policies.mdx'
@include 'telemetry-metrics/vault/policy/set_policy.mdx'

169
website/content/docs/internals/telemetry/metrics/raft.mdx Normal file
View File

@@ -0,0 +1,169 @@
---
layout: docs
page_title: "Telemetry reference: Raft metrics"
description: >-
Technical reference for integrated storage telemetry values.
---
# Raft telemetry
Raft telemetry provides information on
Vault [integrated storage](/vault/docs/configuration/storage/raft).
## Default metrics
@include 'telemetry-metrics/vault/raft/apply.mdx'
@include 'telemetry-metrics/vault/raft/barrier.mdx'
@include 'telemetry-metrics/vault/raft/candidate/electself.mdx'
@include 'telemetry-metrics/vault/raft/commitnumlogs.mdx'
@include 'telemetry-metrics/vault/raft/committime.mdx'
@include 'telemetry-metrics/vault/raft/compactlogs.mdx'
@include 'telemetry-metrics/vault/raft/fsm/apply.mdx'
@include 'telemetry-metrics/vault/raft/fsm/applybatch.mdx'
@include 'telemetry-metrics/vault/raft/fsm/applybatchnum.mdx'
@include 'telemetry-metrics/vault/raft/fsm/enqueue.mdx'
@include 'telemetry-metrics/vault/raft/fsm/restore.mdx'
@include 'telemetry-metrics/vault/raft/fsm/snapshot.mdx'
@include 'telemetry-metrics/vault/raft/fsm/store_config.mdx'
@include 'telemetry-metrics/vault/raft/get.mdx'
@include 'telemetry-metrics/vault/raft/list.mdx'
@include 'telemetry-metrics/vault/raft/peers.mdx'
@include 'telemetry-metrics/vault/raft/restore.mdx'
@include 'telemetry-metrics/vault/raft/restoreusersnapshot.mdx'
@include 'telemetry-metrics/vault/raft/rpc/appendentries.mdx'
@include 'telemetry-metrics/vault/raft/rpc/appendentries/processlogs.mdx'
@include 'telemetry-metrics/vault/raft/rpc/appendentries/storelogs.mdx'
@include 'telemetry-metrics/vault/raft/rpc/installsnapshot.mdx'
@include 'telemetry-metrics/vault/raft/rpc/processheartbeat.mdx'
@include 'telemetry-metrics/vault/raft/rpc/requestvote.mdx'
@include 'telemetry-metrics/vault/raft/snapshot/create.mdx'
@include 'telemetry-metrics/vault/raft/snapshot/persist.mdx'
@include 'telemetry-metrics/vault/raft/snapshot/takesnapshot.mdx'
@include 'telemetry-metrics/vault/raft/state/candidate.mdx'
@include 'telemetry-metrics/vault/raft/state/follower.mdx'
@include 'telemetry-metrics/vault/raft/state/leader.mdx'
@include 'telemetry-metrics/vault/raft/transition/heartbeat_timeout.mdx'
@include 'telemetry-metrics/vault/raft/transition/leader_lease_timeout.mdx'
@include 'telemetry-metrics/vault/raft/verify_leader.mdx'
## Autopilot metrics
@include 'telemetry-metrics/raft-autopilot-note.mdx'
@include 'telemetry-metrics/vault/autopilot/failure_tolerance.mdx'
@include 'telemetry-metrics/vault/autopilot/healthy.mdx'
@include 'telemetry-metrics/vault/autopilot/node/healthy.mdx'
## Leadership change metrics
@include 'telemetry-metrics/raft-leadership-intro.mdx'
@include 'telemetry-metrics/vault/raft/leader/dispatchlog.mdx'
@include 'telemetry-metrics/vault/raft/leader/dispatchnumlogs.mdx'
@include 'telemetry-metrics/vault/raft/leader/lastcontact.mdx'
## Raft replication metrics
@include 'telemetry-metrics/vault/raft/replication/appendentries/log.mdx'
@include 'telemetry-metrics/vault/raft/replication/appendentries/rpc.mdx'
@include 'telemetry-metrics/vault/raft/replication/heartbeat.mdx'
@include 'telemetry-metrics/vault/raft/replication/installsnapshot.mdx'
## Storage metrics
@include 'telemetry-metrics/vault/raft_storage/bolt/cursor/count.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/freelist/allocated_bytes.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/freelist/free_pages.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/freelist/pending_pages.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/freelist/used_bytes.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/node/count.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/node/dereferences.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/page/bytes_allocated.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/page/count.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/rebalance/count.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/rebalance/time.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/spill/count.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/spill/time.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/split/count.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/transaction/currently_open_read_transactions.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/transaction/started_read_transactions.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/write/count.mdx'
@include 'telemetry-metrics/vault/raft_storage/bolt/write/time.mdx'
@include 'telemetry-metrics/vault/raft_storage/follower/applied_index_delta.mdx'
@include 'telemetry-metrics/vault/raft_storage/follower/last_heartbeat_ms.mdx'
@include 'telemetry-metrics/vault/raft_storage/stats/applied_index.mdx'
@include 'telemetry-metrics/vault/raft_storage/stats/commit_index.mdx'
@include 'telemetry-metrics/vault/raft_storage/stats/fsm_pending.mdx'
@include 'telemetry-metrics/vault/raft-storage/delete.mdx'
@include 'telemetry-metrics/vault/raft-storage/entry_size.mdx'
@include 'telemetry-metrics/vault/raft-storage/get.mdx'
@include 'telemetry-metrics/vault/raft-storage/list.mdx'
@include 'telemetry-metrics/vault/raft-storage/put.mdx'
@include 'telemetry-metrics/vault/raft-storage/transaction.mdx'

91
website/content/docs/internals/telemetry/metrics/secrets.mdx Normal file
View File

@@ -0,0 +1,91 @@
---
layout: docs
page_title: "Telemetry reference: Secrets metrics"
description: >-
Technical reference for secrets telemetry values.
---
# Secrets telemetry
Secrets telemetry provides information about configured secrets engine
operations.
## Default metrics
@include 'telemetry-metrics/vault/secret/kv/count.mdx'
@include 'telemetry-metrics/vault/secret/lease/creation.mdx'
## PKI metrics
@include 'telemetry-metrics/secrets/pki/tidy/cert_store_current_entry.mdx'
@include 'telemetry-metrics/secrets/pki/tidy/cert_store_deleted_count.mdx'
@include 'telemetry-metrics/secrets/pki/tidy/cert_store_total_entries_remaining.mdx'
@include 'telemetry-metrics/secrets/pki/tidy/cert_store_total_entries.mdx'
@include 'telemetry-metrics/secrets/pki/tidy/duration.mdx'
@include 'telemetry-metrics/secrets/pki/tidy/failure.mdx'
@include 'telemetry-metrics/secrets/pki/tidy/revoked_cert_current_entry.mdx'
@include 'telemetry-metrics/secrets/pki/tidy/revoked_cert_deleted_count.mdx'
@include 'telemetry-metrics/secrets/pki/tidy/revoked_cert_total_entries_fixed_issuers.mdx'
@include 'telemetry-metrics/secrets/pki/tidy/revoked_cert_total_entries_incorrect_issuers.mdx'
@include 'telemetry-metrics/secrets/pki/tidy/revoked_cert_total_entries_remaining.mdx'
@include 'telemetry-metrics/secrets/pki/tidy/revoked_cert_total_entries.mdx'
@include 'telemetry-metrics/secrets/pki/tidy/start_time_epoch.mdx'
@include 'telemetry-metrics/secrets/pki/tidy/success.mdx'
## Secrets database metrics
@include 'telemetry-metrics/secretsdb-intro.mdx'
@include 'telemetry-metrics/database/close.mdx'
@include 'telemetry-metrics/database/close/error.mdx'
@include 'telemetry-metrics/database/createuser.mdx'
@include 'telemetry-metrics/database/createuser/error.mdx'
@include 'telemetry-metrics/database/initialize.mdx'
@include 'telemetry-metrics/database/initialize/error.mdx'
@include 'telemetry-metrics/database/name/close.mdx'
@include 'telemetry-metrics/database/name/close/error.mdx'
@include 'telemetry-metrics/database/name/createuser.mdx'
@include 'telemetry-metrics/database/name/createuser/error.mdx'
@include 'telemetry-metrics/database/name/initialize.mdx'
@include 'telemetry-metrics/database/name/initialize/error.mdx'
@include 'telemetry-metrics/database/name/renewuser.mdx'
@include 'telemetry-metrics/database/name/renewuser/error.mdx'
@include 'telemetry-metrics/database/name/revokeuser.mdx'
@include 'telemetry-metrics/database/name/revokeuser/error.mdx'
@include 'telemetry-metrics/database/renewuser.mdx'
@include 'telemetry-metrics/database/renewuser/error.mdx'
@include 'telemetry-metrics/database/revokeuser.mdx'
@include 'telemetry-metrics/database/revokeuser/error.mdx'

196
website/content/docs/internals/telemetry/metrics/storage.mdx Normal file
View File

@@ -0,0 +1,196 @@
---
layout: docs
page_title: "Telemetry reference: Storage plugin metrics"
description: >-
Technical reference for individual storage plugin telemetry values.
---
# Storage plugin telemetry
Storage telemetry provides information on the health of Vault storage and your
configured storage backends. For integrated storage metrics, refer to the
[Raft telemetry](/vault/docs/internals/metrics/raft) metric list.
## Barrier metrics
@include 'telemetry-metrics/vault/barrier/delete.mdx'
@include 'telemetry-metrics/vault/barrier/get.mdx'
@include 'telemetry-metrics/vault/barrier/list.mdx'
@include 'telemetry-metrics/vault/barrier/put.mdx'
## Caching metrics
@include 'telemetry-metrics/vault/cache/delete.mdx'
@include 'telemetry-metrics/vault/cache/hit.mdx'
@include 'telemetry-metrics/vault/cache/miss.mdx'
@include 'telemetry-metrics/vault/cache/write.mdx'
## Amazon S3 metrics
@include 'telemetry-metrics/vault/s3/delete.mdx'
@include 'telemetry-metrics/vault/s3/get.mdx'
@include 'telemetry-metrics/vault/s3/list.mdx'
@include 'telemetry-metrics/vault/s3/put.mdx'
## Azure metrics
@include 'telemetry-metrics/vault/azure/delete.mdx'
@include 'telemetry-metrics/vault/azure/get.mdx'
@include 'telemetry-metrics/vault/azure/list.mdx'
@include 'telemetry-metrics/vault/azure/put.mdx'
## Cassandra metrics
@include 'telemetry-metrics/vault/cassandra/delete.mdx'
@include 'telemetry-metrics/vault/cassandra/get.mdx'
@include 'telemetry-metrics/vault/cassandra/list.mdx'
@include 'telemetry-metrics/vault/cassandra/put.mdx'
## Cockroach database metrics
@include 'telemetry-metrics/vault/cockroachdb/delete.mdx'
@include 'telemetry-metrics/vault/cockroachdb/get.mdx'
@include 'telemetry-metrics/vault/cockroachdb/list.mdx'
@include 'telemetry-metrics/vault/cockroachdb/put.mdx'
## Consul metrics
@include 'telemetry-metrics/vault/consul/delete.mdx'
@include 'telemetry-metrics/vault/consul/get.mdx'
@include 'telemetry-metrics/vault/consul/list.mdx'
@include 'telemetry-metrics/vault/consul/put.mdx'
@include 'telemetry-metrics/vault/consul/transaction.mdx'
## Couch database metrics
@include 'telemetry-metrics/vault/couchdb/delete.mdx'
@include 'telemetry-metrics/vault/couchdb/get.mdx'
@include 'telemetry-metrics/vault/couchdb/list.mdx'
@include 'telemetry-metrics/vault/couchdb/put.mdx'
## Dynamo database metrics
@include 'telemetry-metrics/vault/dynamodb/delete.mdx'
@include 'telemetry-metrics/vault/dynamodb/get.mdx'
@include 'telemetry-metrics/vault/dynamodb/list.mdx'
@include 'telemetry-metrics/vault/dynamodb/put.mdx'
## Etcd metrics
@include 'telemetry-metrics/vault/etcd/delete.mdx'
@include 'telemetry-metrics/vault/etcd/get.mdx'
@include 'telemetry-metrics/vault/etcd/list.mdx'
@include 'telemetry-metrics/vault/etcd/put.mdx'
## Google Cloud metrics
@include 'telemetry-metrics/vault/gcs/delete.mdx'
@include 'telemetry-metrics/vault/gcs/get.mdx'
@include 'telemetry-metrics/vault/gcs/list.mdx'
@include 'telemetry-metrics/vault/gcs/lock/lock.mdx'
@include 'telemetry-metrics/vault/gcs/lock/unlock.mdx'
@include 'telemetry-metrics/vault/gcs/lock/value.mdx'
@include 'telemetry-metrics/vault/gcs/put.mdx'
## Google Cloud - Spanner metrics
@include 'telemetry-metrics/vault/spanner/delete.mdx'
@include 'telemetry-metrics/vault/spanner/get.mdx'
@include 'telemetry-metrics/vault/spanner/list.mdx'
@include 'telemetry-metrics/vault/spanner/lock/lock.mdx'
@include 'telemetry-metrics/vault/spanner/lock/unlock.mdx'
@include 'telemetry-metrics/vault/spanner/lock/value.mdx'
@include 'telemetry-metrics/vault/spanner/put.mdx'
## Microsoft SQL Server (MSSQL) metrics
@include 'telemetry-metrics/vault/mssql/delete.mdx'
@include 'telemetry-metrics/vault/mssql/get.mdx'
@include 'telemetry-metrics/vault/mssql/list.mdx'
@include 'telemetry-metrics/vault/mssql/put.mdx'
## MySQL metrics
@include 'telemetry-metrics/vault/mysql/delete.mdx'
@include 'telemetry-metrics/vault/mysql/get.mdx'
@include 'telemetry-metrics/vault/mysql/list.mdx'
@include 'telemetry-metrics/vault/mysql/put.mdx'
## PostgreSQL metrics
@include 'telemetry-metrics/vault/postgres/delete.mdx'
@include 'telemetry-metrics/vault/postgres/get.mdx'
@include 'telemetry-metrics/vault/postgres/list.mdx'
@include 'telemetry-metrics/vault/postgres/put.mdx'
## Swift metrics
@include 'telemetry-metrics/vault/swift/delete.mdx'
@include 'telemetry-metrics/vault/swift/get.mdx'
@include 'telemetry-metrics/vault/swift/list.mdx'
@include 'telemetry-metrics/vault/swift/put.mdx'
## ZooKeeper metrics
@include 'telemetry-metrics/vault/zookeeper/delete.mdx'
@include 'telemetry-metrics/vault/zookeeper/get.mdx'
@include 'telemetry-metrics/vault/zookeeper/list.mdx'
@include 'telemetry-metrics/vault/zookeeper/put.mdx'

5
website/content/partials/telemetry-metrics/database/close.mdx Normal file
View File

@@ -0,0 +1,5 @@
### database.Close ((#database-close))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to close a database secret engine (across all database secrets engines)

5
website/content/partials/telemetry-metrics/database/close/error.mdx Normal file
View File

@@ -0,0 +1,5 @@
### database.Close.error ((#database-close-error))
Metric type | Value | Description
----------- | ------- | -----------
counter | number | Number of errors encountered across all database secrets engines while closing database connections

5
website/content/partials/telemetry-metrics/database/createuser.mdx Normal file
View File

@@ -0,0 +1,5 @@
### database.CreateUser ((#database-createuser))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to create a user across all database secrets engines

5
website/content/partials/telemetry-metrics/database/createuser/error.mdx Normal file
View File

@@ -0,0 +1,5 @@
### database.CreateUser.error ((#database-createuser-error))
Metric type | Value | Description
----------- | ------- | -----------
counter | number | Number of errors encountered across all database secrets engines while creating users

5
website/content/partials/telemetry-metrics/database/initialize.mdx Normal file
View File

@@ -0,0 +1,5 @@
### database.Initialize ((#database-initialize))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to initialize a database secret engine (across all database secrets engines)

5
website/content/partials/telemetry-metrics/database/initialize/error.mdx Normal file
View File

@@ -0,0 +1,5 @@
### database.Initialize.error ((#database-initialize-error))
Metric type | Value | Description
----------- | ------- | -----------
counter | number | Number of errors encountered across all database secrets engines while initializing the database

5
website/content/partials/telemetry-metrics/database/name/close.mdx Normal file
View File

@@ -0,0 +1,5 @@
### database.{NAME}.Close ((#database-name-close))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to close the database secrets engine {NAME}

5
website/content/partials/telemetry-metrics/database/name/close/error.mdx Normal file
View File

@@ -0,0 +1,5 @@
### database.{NAME}.Close.error ((#database-name-close-error))
Metric type | Value | Description
----------- | ------- | -----------
counter | number | Number of errors encountered for the named database secrets engines while closing database connections

5
website/content/partials/telemetry-metrics/database/name/createuser.mdx Normal file
View File

@@ -0,0 +1,5 @@
### database.{NAME}.CreateUser ((#database-name-createuser))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to create a user for the named database secrets engine

5
website/content/partials/telemetry-metrics/database/name/createuser/error.mdx Normal file
View File

@@ -0,0 +1,5 @@
### database.{NAME}.CreateUser.error ((#database-name-createuser-error))
Metric type | Value | Description
----------- | ------- | -----------
counter | number | Number of errors encountered for the named database secrets engines while creating users

5
website/content/partials/telemetry-metrics/database/name/initialize.mdx Normal file
View File

@@ -0,0 +1,5 @@
### database.{NAME}.Initialize ((#database-name-initialize))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to initialize a database secret engine for the named database

5
website/content/partials/telemetry-metrics/database/name/initialize/error.mdx Normal file
View File

@@ -0,0 +1,5 @@
### database.{NAME}.Initialize.error ((#database-name-initialize-error))
Metric type | Value | Description
----------- | ------- | -----------
counter | number | Number of errors encountered for the named database secrets engines while initializing the database

5
website/content/partials/telemetry-metrics/database/name/renewuser.mdx Normal file
View File

@@ -0,0 +1,5 @@
### database.{NAME}.RenewUser ((#database-name-renewuser))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to renew a user for the named database secrets engine

5
website/content/partials/telemetry-metrics/database/name/renewuser/error.mdx Normal file
View File

@@ -0,0 +1,5 @@
### database.{NAME}.RenewUser.error ((#database-name-renewuser-error))
Metric type | Value | Description
----------- | ------- | -----------
counter | number | Number of errors encountered for the named database secrets engines while renewing users

5
website/content/partials/telemetry-metrics/database/name/revokeuser.mdx Normal file
View File

@@ -0,0 +1,5 @@
### database.{NAME}.RevokeUser ((#database-name-revokeuser))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to revoke a user for the named database secrets engine

5
website/content/partials/telemetry-metrics/database/name/revokeuser/error.mdx Normal file
View File

@@ -0,0 +1,5 @@
### database.{NAME}.RevokeUser.error ((#database-name-revokeuser-error))
Metric type | Value | Description
----------- | ------- | -----------
counter | number | Number of errors encountered for the named database secrets engines while revoking users

5
website/content/partials/telemetry-metrics/database/renewuser.mdx Normal file
View File

@@ -0,0 +1,5 @@
### database.RenewUser ((#database-renewuser))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to renew a user across all database secrets engines

5
website/content/partials/telemetry-metrics/database/renewuser/error.mdx Normal file
View File

@@ -0,0 +1,5 @@
### database.RenewUser.error ((#database-renewuser-error))
Metric type | Value | Description
----------- | ------- | -----------
counter | number | Number of errors encountered across all database secrets engines while renewing users

5
website/content/partials/telemetry-metrics/database/revokeuser.mdx Normal file
View File

@@ -0,0 +1,5 @@
### database.RevokeUser ((#database-revokeuser))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to revoke a user across all database secrets engines

5
website/content/partials/telemetry-metrics/database/revokeuser/error.mdx Normal file
View File

@@ -0,0 +1,5 @@
### database.RevokeUser.error ((#database-revokeuser-error))
Metric type | Value | Description
----------- | ------- | -----------
counter | number | Number of errors encountered across all database secrets engines while revoking users

3
website/content/partials/telemetry-metrics/device-intro.mdx Normal file
View File

@@ -0,0 +1,3 @@
Device-specific metrics for each enabled audit device. For example, if you
enable a file audit device, the related metrics are:
`vault.audit.file.log_request` and `vault.audit.file.log_response`.

2
website/content/partials/telemetry-metrics/quota-intro.mdx Normal file
View File

@@ -0,0 +1,2 @@
Quota metrics relate to rate limit and lease count quotas. Each metric comes
with a `name` label that identifies the specific quota.

4
website/content/partials/telemetry-metrics/raft-autopilot-note.mdx Normal file
View File

@@ -0,0 +1,4 @@
<Note heading="Metrics only apply to the active node">
Autopilot only runs on the active node, so autopilot metrics are only
captured for the current active node.
</Note>

2
website/content/partials/telemetry-metrics/raft-leadership-intro.mdx Normal file
View File

@@ -0,0 +1,2 @@
Leadership change metrics indicate the overall performance of the integrated
storage on raft servers and the network connection between raft nodes.

10
website/content/partials/telemetry-metrics/replication-note.mdx Normal file
View File

@@ -0,0 +1,10 @@
<Note heading="Some metrics only available when replication is unhealthy">
The following metrics only appear in telemetry results when replication is
in an unhealthy state:
- `replication.fetchRemoteKeys`
- `replication.merkleDiff`
- `replication.merkleSync`
</Note>

4
website/content/partials/telemetry-metrics/rollback-intro.mdx Normal file
View File

@@ -0,0 +1,4 @@
Rollback metrics for each configured mount point. Metric names convert
forward slashes (`/`) in mount names to dashes (`-`). For example, if you
have the `auth/token` backend configured, the corresponding mount point metric
string is `auth-token`

4
website/content/partials/telemetry-metrics/route-intro.mdx Normal file
View File

@@ -0,0 +1,4 @@
Mount-specific route metrics for each configured mount point. Metric names
convert forward slashes (`/`) in mount names to dashes (`-`). For example, if
you have the `auth/token` backend configured, the corresponding mount point
metric string is `auth-token`

2
website/content/partials/telemetry-metrics/runtime-note.mdx Normal file
View File

@@ -0,0 +1,2 @@
Runtime metrics relate specifically to the **Go runtime** for your Vault
instance.

5
website/content/partials/telemetry-metrics/secrets/pki/tidy/cert_store_current_entry.mdx Normal file
View File

@@ -0,0 +1,5 @@
### secrets.pki.tidy.cert_store_current_entry ((#secrets-pki-tidy-cert_store_current_entry))
Metric type | Value | Description
----------- | ------- | -----------
gauge | number | Index of the certificate store entry currently being verified by the tidy operation

5
website/content/partials/telemetry-metrics/secrets/pki/tidy/cert_store_deleted_count.mdx Normal file
View File

@@ -0,0 +1,5 @@
### secrets.pki.tidy.cert_store_deleted_count ((#secrets-pki-tidy-cert_store_deleted_count))
Metric type | Value | Description
----------- | ------- | -----------
counter | number | Number of entries deleted from the certificate store

5
website/content/partials/telemetry-metrics/secrets/pki/tidy/cert_store_total_entries.mdx Normal file
View File

@@ -0,0 +1,5 @@
### secrets.pki.tidy.cert_store_total_entries ((#secrets-pki-tidy-cert_store_total_entries))
Metric type | Value | Description
----------- | ------- | -----------
gauge | number | Number of entries in the certificate store to verify during the tidy operation

5
website/content/partials/telemetry-metrics/secrets/pki/tidy/cert_store_total_entries_remaining.mdx Normal file
View File

@@ -0,0 +1,5 @@
### secrets.pki.tidy.cert_store_total_entries_remaining ((#secrets-pki-tidy-cert_store_total_entries_remaining))
Metric type | Value | Description
----------- | ------- | -----------
gauge | number | Number of entries in the certificate store checked, but not removed, during the tidy operation

5
website/content/partials/telemetry-metrics/secrets/pki/tidy/duration.mdx Normal file
View File

@@ -0,0 +1,5 @@
### secrets.pki.tidy.duration ((#secrets-pki-tidy-duration))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to complete the PKI tidy operation

5
website/content/partials/telemetry-metrics/secrets/pki/tidy/failure.mdx Normal file
View File

@@ -0,0 +1,5 @@
### secrets.pki.tidy.failure ((#secrets-pki-tidy-failure))
Metric type | Value | Description
----------- | ------- | -----------
counter | number | Number of times the PKI tidy operation failed to finish due to errors

5
website/content/partials/telemetry-metrics/secrets/pki/tidy/revoked_cert_current_entry.mdx Normal file
View File

@@ -0,0 +1,5 @@
### secrets.pki.tidy.revoked_cert_current_entry ((#secrets-pki-tidy-revoked_cert_current_entry))
Metric type | Value | Description
----------- | ------- | -----------
gauge | number | Index of the revoked certificate store entry currently being verified by the tidy operation

5
website/content/partials/telemetry-metrics/secrets/pki/tidy/revoked_cert_deleted_count.mdx Normal file
View File

@@ -0,0 +1,5 @@
### secrets.pki.tidy.revoked_cert_deleted_count ((#secrets-pki-tidy-revoked_cert_deleted_count))
Metric type | Value | Description
----------- | ------- | -----------
counter | number | Number of entries deleted from the certificate store for revoked certificates

5
website/content/partials/telemetry-metrics/secrets/pki/tidy/revoked_cert_total_entries.mdx Normal file
View File

@@ -0,0 +1,5 @@
### secrets.pki.tidy.revoked_cert_total_entries ((#secrets-pki-tidy-revoked_cert_total_entries))
Metric type | Value | Description
----------- | ------- | -----------
gauge | number | Number of revoked certificate entries in the certificate store to be verified during the tidy operation

5
website/content/partials/telemetry-metrics/secrets/pki/tidy/revoked_cert_total_entries_fixed_issuers.mdx Normal file
View File

@@ -0,0 +1,5 @@
### secrets.pki.tidy.revoked_cert_total_entries_fixed_issuers ((#secrets-pki-tidy-revoked_cert_total_entries_fixed_issuers))
Metric type | Value | Description
----------- | ------- | -----------
gauge | number | Number of entries in the certificate store found to have incorrect issuer information that were fixed during the tidy operation

5
website/content/partials/telemetry-metrics/secrets/pki/tidy/revoked_cert_total_entries_incorrect_issuers.mdx Normal file
View File

@@ -0,0 +1,5 @@
### secrets.pki.tidy.revoked_cert_total_entries_incorrect_issuers ((#secrets-pki-tidy-revoked_cert_total_entries_incorrect_issuers))
Metric type | Value | Description
----------- | ------- | -----------
gauge | number | Total number of entries in the certificate store found to have incorrect issuer information

5
website/content/partials/telemetry-metrics/secrets/pki/tidy/revoked_cert_total_entries_remaining.mdx Normal file
View File

@@ -0,0 +1,5 @@
### secrets.pki.tidy.revoked_cert_total_entries_remaining ((#secrets-pki-tidy-revoked_cert_total_entries_remaining))
Metric type | Value | Description
----------- | ------- | -----------
gauge | number | Number of revoked certificates in the certificate store checked, but not removed, during the tidy operation

8
website/content/partials/telemetry-metrics/secrets/pki/tidy/start_time_epoch.mdx Normal file
View File

@@ -0,0 +1,8 @@
### secrets.pki.tidy.start_time_epoch ((#secrets-pki-tidy-start_time_epoch))
Metric type | Value | Description
----------- | ------- | -----------
gauge | seconds | Epoch time (seconds since 1970-01-01) when the PKI tidy operation began
The start time metric reports a value of `0` if the PKI tidy operation is not
currently active.

5
website/content/partials/telemetry-metrics/secrets/pki/tidy/success.mdx Normal file
View File

@@ -0,0 +1,5 @@
### secrets.pki.tidy.success ((#secrets-pki-tidy-success))
Metric type | Value | Description
----------- | ------- | -----------
counter | number | Number of times the PKI tidy operation completed successfully

4
website/content/partials/telemetry-metrics/secretsdb-intro.mdx Normal file
View File

@@ -0,0 +1,4 @@
Metrics related to your configured **secrets engines**, including
database-specific metrics for each named secrets engine. For example, if you
enable a PostgreSQL secrets engine called `postgresql-prod`, the related
`CreateUser.error` metric is `database.postgresql-prod.CreateUser.error`.

5
website/content/partials/telemetry-metrics/vault/audit/device/log_request.mdx Normal file
View File

@@ -0,0 +1,5 @@
### vault.audit.{DEVICE}.log_request ((#vault-audit-device-log_request))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to complete all audit log requests across the device

5
website/content/partials/telemetry-metrics/vault/audit/device/log_request_failure.mdx Normal file
View File

@@ -0,0 +1,5 @@
### vault.audit.{DEVICE}.log_request_failure ((#vault-audit-device-log_request_failure))
Metric type | Value | Description
----------- | ------- | -----------
counter | number | Number of audit log request failures

5
website/content/partials/telemetry-metrics/vault/audit/device/log_response.mdx Normal file
View File

@@ -0,0 +1,5 @@
### vault.audit.{DEVICE}.log_response ((#vault-audit-device-log_response))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to complete all audit log responses across the device

5
website/content/partials/telemetry-metrics/vault/audit/device/log_response_failure.mdx Normal file
View File

@@ -0,0 +1,5 @@
### vault.audit.{DEVICE}.log_response_failure ((#vault-audit-device-log_response_failure))
Metric type | Value | Description
----------- | ------- | -----------
counter | number | Number of audit log request failures

5
website/content/partials/telemetry-metrics/vault/audit/log_request.mdx Normal file
View File

@@ -0,0 +1,5 @@
### vault.audit.log_request ((#vault-audit-log_request))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to complete all audit log requests across all audit log devices

15
website/content/partials/telemetry-metrics/vault/audit/log_request_failure.mdx Normal file
View File

@@ -0,0 +1,15 @@
### vault.audit.log_request_failure ((#vault-audit-log_request_failure))
Metric type | Value | Description
----------- | ------- | -----------
counter | number | Number of audit log request failures across all devices
The number of request failures is a **crucial metric**.
A non-zero value for `vault.audit.log_request_failure` indicates that all your
configured audit devices failed to log a request (or response). If Vault cannot
properly audit a request, or the response to a request, the original request
will fail.
Refer to the Vault logs and any device-specific metrics to troubleshoot the
failing audit log device.

5
website/content/partials/telemetry-metrics/vault/audit/log_response.mdx Normal file
View File

@@ -0,0 +1,5 @@
### vault.audit.log_response ((#vault-audit-log_response))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to complete audit log responses across all audit log devices

15
website/content/partials/telemetry-metrics/vault/audit/log_response_failure.mdx Normal file
View File

@@ -0,0 +1,15 @@
### vault.audit.log_response_failure ((#vault-audit-log_response_failure))
Metric type | Value | Description
----------- | ------- | -----------
counter | number | Number of audit log request failures across all devices
The number of request failures is a **crucial metric**.
A non-zero value for `vault.audit.log_response_failure` indicates that one of
the configured audit log devices failed to respond to Vault. If Vault cannot
properly audit a request, or the response to a request, the original request
will fail.
Refer to the device-specific metrics and logs to troubleshoot the failing audit
log device.

7
website/content/partials/telemetry-metrics/vault/autopilot/failure_tolerance.mdx Normal file
View File

@@ -0,0 +1,7 @@
### vault.autopilot.failure_tolerance ((#vault-autopilot-failure_tolerance))
Metric type | Value | Description
----------- | ----- | -----------
gauge | nodes | The number of healthy nodes in excess of quorum
The failure tolerance indicates how many currently healthy nodes can fail without losing quorum.

9
website/content/partials/telemetry-metrics/vault/autopilot/healthy.mdx Normal file
View File

@@ -0,0 +1,9 @@
### vault.autopilot.healthy ((#vault-autopilot-healthy))
Metric type | Value | Description
----------- | ------- | -----------
gauge | boolean | Indicates whether all nodes are healthy
- A value of `1` on the gauge means that Autopilot deems all nodes healthy.
- A value of `0` on the gauge means that Autopilot deems at least 1 node
unhealthy.

10
website/content/partials/telemetry-metrics/vault/autopilot/node/healthy.mdx Normal file
View File

@@ -0,0 +1,10 @@
### vault.autopilot.node.healthy ((#vault-autopilot-node-healthy))
Metric type | Value | Description
----------- | ------- | -----------
gauge | boolean | Indicates whether the active node is healthy
- A value of `1` on the gauge means that Autopilot deems the node indicated by
`node_id` is healthy.
- A value of `0` on the gauge means that Autopilot cannot communicate with the
node indicated by `node_id`, or deems the node unhealthy.

5
website/content/partials/telemetry-metrics/vault/autosnapshots/last/success/time.mdx Normal file
View File

@@ -0,0 +1,5 @@
### vault.autosnapshots.last.success.time ((#vault-autosnapshots-last-success-time))
Metric type | Value | Description
----------- | --------- | -----------
gauge | timestamp | Epoch time (seconds since 1970-01-01) of the last successful snapshot save

10
website/content/partials/telemetry-metrics/vault/autosnapshots/percent/maxspace/used.mdx Normal file
View File

@@ -0,0 +1,10 @@
### vault.autosnapshots.percent.maxspace.used ((#vault-autosnapshots-percent-maxspace-used))
Metric type | Value | Description
----------- | ---------- | -----------
gauge | percentage | The percentage of space currently used on local storage (disk) by saved snapshots
Vault only populates the `vault.autosnapshots.percent.maxspace.used` metric when
the storage type for autosnapshot is `local`. The percentage of used space is
relative to the maximum allocated space for snapshots, not the total available
space on local storage.

9
website/content/partials/telemetry-metrics/vault/autosnapshots/rotate/duration.mdx Normal file
View File

@@ -0,0 +1,9 @@
### vault.autosnapshots.rotate.duration ((#vault-autosnapshots-rotate-duration))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | The time taken to rotate out the snapshot indicated by `snapshot_config_name`
Vault deletes snapshots to adhere to the configured retention period. The
rotation metric specifically measures the time taken to delete the snapshot once
the retention period expires.

5
website/content/partials/telemetry-metrics/vault/autosnapshots/save/duration.mdx Normal file
View File

@@ -0,0 +1,5 @@
### vault.autosnapshots.save.duration ((#vault-autosnapshots-save-duration))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | The time taken to save the snapshot indicated by `snapshot_config_name`

5
website/content/partials/telemetry-metrics/vault/autosnapshots/save/errors.mdx Normal file
View File

@@ -0,0 +1,5 @@
### vault.autosnapshots.save.errors ((#vault-autosnapshots-save-errors))
Metric type | Value | Description
----------- | ------- | -----------
counter | number | The number of errors encountered while trying to save the snapshot indicated by `snapshot_config_name`

5
website/content/partials/telemetry-metrics/vault/autosnapshots/snapshot/size.mdx Normal file
View File

@@ -0,0 +1,5 @@
### vault.autosnapshots.snapshot.size ((#vault-autosnapshots-snapshot-size))
Metric type | Value | Description
----------- | ----- | -----------
summary | bytes | The current size of the snapshot indicated by `snapshot_config_name`

8
website/content/partials/telemetry-metrics/vault/autosnapshots/total/snapshot/size.mdx Normal file
View File

@@ -0,0 +1,8 @@
### vault.autosnapshots.total.snapshot.size ((#vault-autosnapshots-total-snapshot-size))
Metric type | Value | Description
----------- | ----- | -----------
gauge | bytes | The space currently used on local storage (disk) by saved snapshots
Vault only populates the `vault.autosnapshots.total.snapshot.size` metric when
the storage type for autosnapshot is `local`.

5
website/content/partials/telemetry-metrics/vault/azure/delete.mdx Normal file
View File

@@ -0,0 +1,5 @@
### vault.azure.delete ((#vault-azure-delete))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to complete a `DELETE` operation against the Azure storage backend

5
website/content/partials/telemetry-metrics/vault/azure/get.mdx Normal file
View File

@@ -0,0 +1,5 @@
### vault.azure.get ((#vault-azure-get))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to complete a `GET` operation against the Azure storage backend

5
website/content/partials/telemetry-metrics/vault/azure/list.mdx Normal file
View File

@@ -0,0 +1,5 @@
### vault.azure.list ((#vault-azure-list))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to complete a `LIST` operation against the Azure storage backend

5
website/content/partials/telemetry-metrics/vault/azure/put.mdx Normal file
View File

@@ -0,0 +1,5 @@
### vault.azure.put ((#vault-azure-put))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to complete a `PUT` operation against the Azure storage backend

5
website/content/partials/telemetry-metrics/vault/barrier/delete.mdx Normal file
View File

@@ -0,0 +1,5 @@
### vault.barrier.delete ((#vault-barrier-delete))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to complete a `DELETE` operation at the barrier

5
website/content/partials/telemetry-metrics/vault/barrier/get.mdx Normal file
View File

@@ -0,0 +1,5 @@
### vault.barrier.get ((#vault-barrier-get))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to complete a `GET` operation at the barrier

5
website/content/partials/telemetry-metrics/vault/barrier/list.mdx Normal file
View File

@@ -0,0 +1,5 @@
### vault.barrier.list ((#vault-barrier-list))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to complete a `LIST` operation at the barrier

5
website/content/partials/telemetry-metrics/vault/barrier/put.mdx Normal file
View File

@@ -0,0 +1,5 @@
### vault.barrier.put ((#vault-barrier-put))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to complete a `PUT` operation at the barrier

5
website/content/partials/telemetry-metrics/vault/cache/delete.mdx vendored Normal file
View File

@@ -0,0 +1,5 @@
### vault.cache.delete ((#vault-cache-delete))
Metric type | Value | Description
----------- | ------- | -----------
counter | number | Number of deletes from the LRU cache

5
website/content/partials/telemetry-metrics/vault/cache/hit.mdx vendored Normal file
View File

@@ -0,0 +1,5 @@
### vault.cache.hit ((#vault-cache-hit))
Metric type | Value | Description
----------- | ------- | -----------
counter | number | Number of hits against the LRU cache that avoided a read from configured storage

5
website/content/partials/telemetry-metrics/vault/cache/miss.mdx vendored Normal file
View File

@@ -0,0 +1,5 @@
### vault.cache.miss ((#vault-cache-miss))
Metric type | Value | Description
----------- | ------- | -----------
counter | number | Number of misses against the LRU cache that required a read from configured storage

5
website/content/partials/telemetry-metrics/vault/cache/write.mdx vendored Normal file
View File

@@ -0,0 +1,5 @@
### vault.cache.write ((#vault-cache-write))
Metric type | Value | Description
----------- | ------- | -----------
counter | number | Number of writes to the LRU cache

5
website/content/partials/telemetry-metrics/vault/cassandra/delete.mdx Normal file
View File

@@ -0,0 +1,5 @@
### vault.cassandra.delete ((#vault-cassandra-delete))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to complete a `DELETE` operation against the Cassandra storage backend

5
website/content/partials/telemetry-metrics/vault/cassandra/get.mdx Normal file
View File

@@ -0,0 +1,5 @@
### vault.cassandra.get ((#vault-cassandra-get))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to complete a `GET` operation against the Cassandra storage backend

5
website/content/partials/telemetry-metrics/vault/cassandra/list.mdx Normal file
View File

@@ -0,0 +1,5 @@
### vault.cassandra.list ((#vault-cassandra-list))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to complete a `LIST` operation against the Cassandra storage backend

5
website/content/partials/telemetry-metrics/vault/cassandra/put.mdx Normal file
View File

@@ -0,0 +1,5 @@
### vault.cassandra.put ((#vault-cassandra-put))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to complete a `PUT` operation against the Cassandra storage backend

5
website/content/partials/telemetry-metrics/vault/cockroachdb/delete.mdx Normal file
View File

@@ -0,0 +1,5 @@
### vault.cockroachdb.delete ((#vault-cockroachdb-delete))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to complete a `DELETE` operation against the CockroachDB storage backend

5
website/content/partials/telemetry-metrics/vault/cockroachdb/get.mdx Normal file
View File

@@ -0,0 +1,5 @@
### vault.cockroachdb.get ((#vault-cockroachdb-get))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to complete a `GET` operation against the CockroachDB storage backend

5
website/content/partials/telemetry-metrics/vault/cockroachdb/list.mdx Normal file
View File

@@ -0,0 +1,5 @@
### vault.cockroachdb.list ((#vault-cockroachdb-list))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to complete a `LIST` operation against the CockroachDB storage backend

5
website/content/partials/telemetry-metrics/vault/cockroachdb/put.mdx Normal file
View File

@@ -0,0 +1,5 @@
### vault.cockroachdb.put ((#vault-cockroachdb-put))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to complete a `PUT` operation against the CockroachDB storage backend

5
website/content/partials/telemetry-metrics/vault/consul/delete.mdx Normal file
View File

@@ -0,0 +1,5 @@
### vault.consul.delete ((#vault-consul-delete))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to complete a `DELETE` operation against the Consul storage backend

5
website/content/partials/telemetry-metrics/vault/consul/get.mdx Normal file
View File

@@ -0,0 +1,5 @@
### vault.consul.get ((#vault-consul-get))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to complete a `GET` operation against the Consul storage backend

5
website/content/partials/telemetry-metrics/vault/consul/list.mdx Normal file
View File

@@ -0,0 +1,5 @@
### vault.consul.list ((#vault-consul-list))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to complete a `LIST` operation against the Consul storage backend

5
website/content/partials/telemetry-metrics/vault/consul/put.mdx Normal file
View File

@@ -0,0 +1,5 @@
### vault.consul.put ((#vault-consul-put))
Metric type | Value | Description
----------- | ----- | -----------
summary | ms | Time required to complete a `PUT` operation against the Consul storage backend

Some files were not shown because too many files have changed in this diff Show More